May 31 06:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3874]: pam_unix(cron:session): session closed for user root
May 31 06:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3379]: pam_unix(cron:session): session closed for user root
May 31 06:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: Invalid user patrick from 96.240.154.183
May 31 06:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: input_userauth_request: invalid user patrick [preauth]
May 31 06:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: pam_unix(sshd:auth): check pass; user unknown
May 31 06:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.240.154.183
May 31 06:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: Failed password for invalid user patrick from 96.240.154.183 port 58806 ssh2
May 31 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: Received disconnect from 96.240.154.183 port 58806:11: Bye Bye [preauth]
May 31 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: Disconnected from 96.240.154.183 port 58806 [preauth]
May 31 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5068]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5067]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5065]: pam_unix(cron:session): session closed for user p13x
May 31 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5123]: Successful su for rubyman by root
May 31 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5123]: + ??? root:rubyman
May 31 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427654 of user rubyman.
May 31 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5123]: pam_unix(su:session): session closed for user rubyman
May 31 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427654.
May 31 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2121]: pam_unix(cron:session): session closed for user root
May 31 06:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5066]: pam_unix(cron:session): session closed for user samftp
May 31 06:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Invalid user steam from 202.133.90.219
May 31 06:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: input_userauth_request: invalid user steam [preauth]
May 31 06:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: pam_unix(sshd:auth): check pass; user unknown
May 31 06:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 06:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Failed password for invalid user steam from 202.133.90.219 port 54786 ssh2
May 31 06:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Connection closed by 202.133.90.219 port 54786 [preauth]
May 31 06:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: Did not receive identification string from 170.82.76.2
May 31 06:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.82.76.2  user=root
May 31 06:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5348]: Failed password for root from 170.82.76.2 port 11497 ssh2
May 31 06:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5348]: Connection closed by 170.82.76.2 port 11497 [preauth]
May 31 06:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3922]: pam_unix(cron:session): session closed for user root
May 31 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5468]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5467]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5465]: pam_unix(cron:session): session closed for user p13x
May 31 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5524]: Successful su for rubyman by root
May 31 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5524]: + ??? root:rubyman
May 31 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427658 of user rubyman.
May 31 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5524]: pam_unix(su:session): session closed for user rubyman
May 31 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427658.
May 31 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2566]: pam_unix(cron:session): session closed for user root
May 31 06:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5466]: pam_unix(cron:session): session closed for user samftp
May 31 06:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.240.154.183  user=root
May 31 06:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: Failed password for root from 96.240.154.183 port 41516 ssh2
May 31 06:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: Received disconnect from 96.240.154.183 port 41516:11: Bye Bye [preauth]
May 31 06:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: Disconnected from 96.240.154.183 port 41516 [preauth]
May 31 06:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4419]: pam_unix(cron:session): session closed for user root
May 31 06:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: Invalid user squid from 202.133.90.219
May 31 06:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: input_userauth_request: invalid user squid [preauth]
May 31 06:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: pam_unix(sshd:auth): check pass; user unknown
May 31 06:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 06:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: Failed password for invalid user squid from 202.133.90.219 port 34570 ssh2
May 31 06:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: Connection closed by 202.133.90.219 port 34570 [preauth]
May 31 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5857]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5856]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5854]: pam_unix(cron:session): session closed for user p13x
May 31 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5912]: Successful su for rubyman by root
May 31 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5912]: + ??? root:rubyman
May 31 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5912]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427663 of user rubyman.
May 31 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5912]: pam_unix(su:session): session closed for user rubyman
May 31 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427663.
May 31 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2975]: pam_unix(cron:session): session closed for user root
May 31 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5855]: pam_unix(cron:session): session closed for user samftp
May 31 06:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
May 31 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6113]: Failed password for root from 51.250.105.222 port 55844 ssh2
May 31 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6113]: Connection closed by 51.250.105.222 port 55844 [preauth]
May 31 06:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5068]: pam_unix(cron:session): session closed for user root
May 31 06:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: Invalid user ftpuser from 96.240.154.183
May 31 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: input_userauth_request: invalid user ftpuser [preauth]
May 31 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: pam_unix(sshd:auth): check pass; user unknown
May 31 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.240.154.183
May 31 06:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: Failed password for invalid user ftpuser from 96.240.154.183 port 50126 ssh2
May 31 06:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: Received disconnect from 96.240.154.183 port 50126:11: Bye Bye [preauth]
May 31 06:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: Disconnected from 96.240.154.183 port 50126 [preauth]
May 31 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6240]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6239]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6238]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6237]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6240]: pam_unix(cron:session): session closed for user root
May 31 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6235]: pam_unix(cron:session): session closed for user p13x
May 31 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6300]: Successful su for rubyman by root
May 31 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6300]: + ??? root:rubyman
May 31 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427667 of user rubyman.
May 31 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6300]: pam_unix(su:session): session closed for user rubyman
May 31 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427667.
May 31 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6237]: pam_unix(cron:session): session closed for user root
May 31 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3378]: pam_unix(cron:session): session closed for user root
May 31 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6236]: pam_unix(cron:session): session closed for user samftp
May 31 06:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6537]: Failed password for root from 38.93.206.2 port 33666 ssh2
May 31 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6537]: Connection closed by 38.93.206.2 port 33666 [preauth]
May 31 06:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: Failed password for root from 202.133.90.219 port 34370 ssh2
May 31 06:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: Connection closed by 202.133.90.219 port 34370 [preauth]
May 31 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5468]: pam_unix(cron:session): session closed for user root
May 31 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.107.255.36  user=root
May 31 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.107.255.36  user=root
May 31 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.107.255.36  user=root
May 31 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.107.255.36  user=root
May 31 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.107.255.36  user=root
May 31 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.107.255.36  user=root
May 31 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.107.255.36  user=root
May 31 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.107.255.36  user=root
May 31 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.107.255.36  user=root
May 31 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.107.255.36  user=root
May 31 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.107.255.36  user=root
May 31 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: Failed password for root from 136.107.255.36 port 33424 ssh2
May 31 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6550]: Failed password for root from 136.107.255.36 port 33470 ssh2
May 31 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6546]: Failed password for root from 136.107.255.36 port 33404 ssh2
May 31 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6549]: Failed password for root from 136.107.255.36 port 33486 ssh2
May 31 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: Failed password for root from 136.107.255.36 port 33392 ssh2
May 31 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: Failed password for root from 136.107.255.36 port 33418 ssh2
May 31 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Failed password for root from 136.107.255.36 port 33500 ssh2
May 31 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6540]: Failed password for root from 136.107.255.36 port 33358 ssh2
May 31 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6551]: Failed password for root from 136.107.255.36 port 33442 ssh2
May 31 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6670]: Connection closed by 194.59.206.2 port 39154 [preauth]
May 31 06:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: Failed password for root from 136.107.255.36 port 33434 ssh2
May 31 06:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6541]: Failed password for root from 136.107.255.36 port 33454 ssh2
May 31 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: Connection closed by 136.107.255.36 port 33424 [preauth]
May 31 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6550]: Connection closed by 136.107.255.36 port 33470 [preauth]
May 31 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6546]: Connection closed by 136.107.255.36 port 33404 [preauth]
May 31 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: Connection closed by 136.107.255.36 port 33392 [preauth]
May 31 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Connection closed by 136.107.255.36 port 33500 [preauth]
May 31 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: Connection closed by 136.107.255.36 port 33418 [preauth]
May 31 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6549]: Connection closed by 136.107.255.36 port 33486 [preauth]
May 31 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6540]: Connection closed by 136.107.255.36 port 33358 [preauth]
May 31 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6551]: Connection closed by 136.107.255.36 port 33442 [preauth]
May 31 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6693]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6692]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6690]: pam_unix(cron:session): session closed for user p13x
May 31 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6770]: Successful su for rubyman by root
May 31 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6770]: + ??? root:rubyman
May 31 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427673 of user rubyman.
May 31 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6770]: pam_unix(su:session): session closed for user rubyman
May 31 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427673.
May 31 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.240.154.183  user=root
May 31 06:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3921]: pam_unix(cron:session): session closed for user root
May 31 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: Failed password for root from 96.240.154.183 port 46502 ssh2
May 31 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: Received disconnect from 96.240.154.183 port 46502:11: Bye Bye [preauth]
May 31 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: Disconnected from 96.240.154.183 port 46502 [preauth]
May 31 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6691]: pam_unix(cron:session): session closed for user samftp
May 31 06:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: Connection closed by 136.107.255.36 port 33434 [preauth]
May 31 06:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6541]: Connection closed by 136.107.255.36 port 33454 [preauth]
May 31 06:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5857]: pam_unix(cron:session): session closed for user root
May 31 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7154]: Failed password for root from 202.133.90.219 port 35666 ssh2
May 31 06:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7154]: Connection closed by 202.133.90.219 port 35666 [preauth]
May 31 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7210]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7209]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7208]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7207]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7207]: pam_unix(cron:session): session closed for user p13x
May 31 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7269]: Successful su for rubyman by root
May 31 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7269]: + ??? root:rubyman
May 31 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427676 of user rubyman.
May 31 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7269]: pam_unix(su:session): session closed for user rubyman
May 31 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427676.
May 31 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4418]: pam_unix(cron:session): session closed for user root
May 31 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7208]: pam_unix(cron:session): session closed for user samftp
May 31 06:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: Invalid user admin from 37.120.213.13
May 31 06:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: input_userauth_request: invalid user admin [preauth]
May 31 06:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: pam_unix(sshd:auth): check pass; user unknown
May 31 06:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.213.13
May 31 06:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: Failed password for invalid user admin from 37.120.213.13 port 58846 ssh2
May 31 06:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: Connection closed by 37.120.213.13 port 58846 [preauth]
May 31 06:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7503]: Invalid user ubuntu from 96.240.154.183
May 31 06:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7503]: input_userauth_request: invalid user ubuntu [preauth]
May 31 06:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7503]: pam_unix(sshd:auth): check pass; user unknown
May 31 06:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.240.154.183
May 31 06:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7503]: Failed password for invalid user ubuntu from 96.240.154.183 port 33260 ssh2
May 31 06:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7503]: Received disconnect from 96.240.154.183 port 33260:11: Bye Bye [preauth]
May 31 06:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7503]: Disconnected from 96.240.154.183 port 33260 [preauth]
May 31 06:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6239]: pam_unix(cron:session): session closed for user root
May 31 06:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
May 31 06:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7584]: Failed password for root from 87.251.79.125 port 37268 ssh2
May 31 06:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7584]: Connection closed by 87.251.79.125 port 37268 [preauth]
May 31 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7615]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7614]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7610]: pam_unix(cron:session): session closed for user p13x
May 31 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7767]: Successful su for rubyman by root
May 31 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7767]: + ??? root:rubyman
May 31 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427681 of user rubyman.
May 31 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7767]: pam_unix(su:session): session closed for user rubyman
May 31 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427681.
May 31 06:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5067]: pam_unix(cron:session): session closed for user root
May 31 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7613]: pam_unix(cron:session): session closed for user samftp
May 31 06:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: Failed password for root from 202.133.90.219 port 35218 ssh2
May 31 06:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: Connection closed by 202.133.90.219 port 35218 [preauth]
May 31 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6693]: pam_unix(cron:session): session closed for user root
May 31 06:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.240.154.183  user=root
May 31 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: Failed password for root from 96.240.154.183 port 54074 ssh2
May 31 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: Received disconnect from 96.240.154.183 port 54074:11: Bye Bye [preauth]
May 31 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: Disconnected from 96.240.154.183 port 54074 [preauth]
May 31 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8099]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8097]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8095]: pam_unix(cron:session): session closed for user p13x
May 31 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8159]: Successful su for rubyman by root
May 31 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8159]: + ??? root:rubyman
May 31 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427685 of user rubyman.
May 31 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8159]: pam_unix(su:session): session closed for user rubyman
May 31 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427685.
May 31 06:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5467]: pam_unix(cron:session): session closed for user root
May 31 06:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8096]: pam_unix(cron:session): session closed for user samftp
May 31 06:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Invalid user system from 185.156.73.233
May 31 06:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: input_userauth_request: invalid user system [preauth]
May 31 06:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: pam_unix(sshd:auth): check pass; user unknown
May 31 06:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 06:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Failed password for invalid user system from 185.156.73.233 port 42568 ssh2
May 31 06:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Connection closed by 185.156.73.233 port 42568 [preauth]
May 31 06:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7210]: pam_unix(cron:session): session closed for user root
May 31 06:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.172.54.111  user=root
May 31 06:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8463]: Failed password for root from 109.172.54.111 port 39986 ssh2
May 31 06:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8463]: Connection closed by 109.172.54.111 port 39986 [preauth]
May 31 06:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8493]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8490]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8491]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8492]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8493]: pam_unix(cron:session): session closed for user root
May 31 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8488]: pam_unix(cron:session): session closed for user p13x
May 31 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8560]: Successful su for rubyman by root
May 31 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8560]: + ??? root:rubyman
May 31 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427688 of user rubyman.
May 31 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8560]: pam_unix(su:session): session closed for user rubyman
May 31 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427688.
May 31 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8466]: Failed password for root from 202.133.90.219 port 36522 ssh2
May 31 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8466]: Connection closed by 202.133.90.219 port 36522 [preauth]
May 31 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5856]: pam_unix(cron:session): session closed for user root
May 31 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8490]: pam_unix(cron:session): session closed for user root
May 31 06:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8489]: pam_unix(cron:session): session closed for user samftp
May 31 06:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8782]: Invalid user nacos from 96.240.154.183
May 31 06:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8782]: input_userauth_request: invalid user nacos [preauth]
May 31 06:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8782]: pam_unix(sshd:auth): check pass; user unknown
May 31 06:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.240.154.183
May 31 06:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8782]: Failed password for invalid user nacos from 96.240.154.183 port 35122 ssh2
May 31 06:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8782]: Received disconnect from 96.240.154.183 port 35122:11: Bye Bye [preauth]
May 31 06:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8782]: Disconnected from 96.240.154.183 port 35122 [preauth]
May 31 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7615]: pam_unix(cron:session): session closed for user root
May 31 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8925]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8927]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8923]: pam_unix(cron:session): session closed for user p13x
May 31 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8993]: Successful su for rubyman by root
May 31 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8993]: + ??? root:rubyman
May 31 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8993]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427696 of user rubyman.
May 31 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8993]: pam_unix(su:session): session closed for user rubyman
May 31 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427696.
May 31 06:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6238]: pam_unix(cron:session): session closed for user root
May 31 06:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8924]: pam_unix(cron:session): session closed for user samftp
May 31 06:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8099]: pam_unix(cron:session): session closed for user root
May 31 06:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9241]: Failed password for root from 202.133.90.219 port 44572 ssh2
May 31 06:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9241]: Connection closed by 202.133.90.219 port 44572 [preauth]
May 31 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9333]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9334]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9331]: pam_unix(cron:session): session closed for user p13x
May 31 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9390]: Successful su for rubyman by root
May 31 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9390]: + ??? root:rubyman
May 31 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427700 of user rubyman.
May 31 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9390]: pam_unix(su:session): session closed for user rubyman
May 31 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427700.
May 31 06:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6692]: pam_unix(cron:session): session closed for user root
May 31 06:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9332]: pam_unix(cron:session): session closed for user samftp
May 31 06:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.173.227.57  user=root
May 31 06:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: Failed password for root from 103.173.227.57 port 34840 ssh2
May 31 06:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: Connection closed by 103.173.227.57 port 34840 [preauth]
May 31 06:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8492]: pam_unix(cron:session): session closed for user root
May 31 06:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9720]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9721]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9718]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9718]: pam_unix(cron:session): session closed for user p13x
May 31 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9782]: Successful su for rubyman by root
May 31 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9782]: + ??? root:rubyman
May 31 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427702 of user rubyman.
May 31 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9782]: pam_unix(su:session): session closed for user rubyman
May 31 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427702.
May 31 06:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7209]: pam_unix(cron:session): session closed for user root
May 31 06:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9719]: pam_unix(cron:session): session closed for user samftp
May 31 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: Failed password for root from 202.133.90.219 port 43150 ssh2
May 31 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: Connection closed by 202.133.90.219 port 43150 [preauth]
May 31 06:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
May 31 06:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: Failed password for root from 194.113.233.25 port 60678 ssh2
May 31 06:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: Connection closed by 194.113.233.25 port 60678 [preauth]
May 31 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8927]: pam_unix(cron:session): session closed for user root
May 31 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10394]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10393]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10389]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10391]: pam_unix(cron:session): session closed for user p13x
May 31 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10503]: Successful su for rubyman by root
May 31 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10503]: + ??? root:rubyman
May 31 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427707 of user rubyman.
May 31 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10503]: pam_unix(su:session): session closed for user rubyman
May 31 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427707.
May 31 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10389]: pam_unix(cron:session): session closed for user root
May 31 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7614]: pam_unix(cron:session): session closed for user root
May 31 06:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10392]: pam_unix(cron:session): session closed for user samftp
May 31 06:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: Received disconnect from 199.127.60.187 port 34082:11: disconnected by user [preauth]
May 31 06:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: Disconnected from 199.127.60.187 port 34082 [preauth]
May 31 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9334]: pam_unix(cron:session): session closed for user root
May 31 06:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: Failed password for root from 202.133.90.219 port 47698 ssh2
May 31 06:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: Connection closed by 202.133.90.219 port 47698 [preauth]
May 31 06:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: Invalid user ezlife from 173.254.234.162
May 31 06:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: input_userauth_request: invalid user ezlife [preauth]
May 31 06:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: pam_unix(sshd:auth): check pass; user unknown
May 31 06:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 06:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: Failed password for invalid user ezlife from 173.254.234.162 port 40798 ssh2
May 31 06:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: Connection closed by 173.254.234.162 port 40798 [preauth]
May 31 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10909]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10911]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10910]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10908]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10911]: pam_unix(cron:session): session closed for user root
May 31 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10906]: pam_unix(cron:session): session closed for user p13x
May 31 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10977]: Successful su for rubyman by root
May 31 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10977]: + ??? root:rubyman
May 31 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427713 of user rubyman.
May 31 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10977]: pam_unix(su:session): session closed for user rubyman
May 31 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427713.
May 31 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8097]: pam_unix(cron:session): session closed for user root
May 31 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10908]: pam_unix(cron:session): session closed for user root
May 31 06:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10907]: pam_unix(cron:session): session closed for user samftp
May 31 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
May 31 06:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: Failed password for root from 103.82.132.16 port 46280 ssh2
May 31 06:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: Connection closed by 103.82.132.16 port 46280 [preauth]
May 31 06:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
May 31 06:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11196]: Failed password for root from 62.133.62.83 port 59262 ssh2
May 31 06:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11196]: Connection closed by 62.133.62.83 port 59262 [preauth]
May 31 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9721]: pam_unix(cron:session): session closed for user root
May 31 06:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
May 31 06:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: Failed password for root from 103.27.238.114 port 47020 ssh2
May 31 06:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: Connection closed by 103.27.238.114 port 47020 [preauth]
May 31 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11358]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11359]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11355]: pam_unix(cron:session): session closed for user p13x
May 31 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11428]: Successful su for rubyman by root
May 31 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11428]: + ??? root:rubyman
May 31 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427717 of user rubyman.
May 31 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11428]: pam_unix(su:session): session closed for user rubyman
May 31 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427717.
May 31 06:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8491]: pam_unix(cron:session): session closed for user root
May 31 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11356]: pam_unix(cron:session): session closed for user samftp
May 31 06:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
May 31 06:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: Failed password for root from 103.77.175.15 port 44472 ssh2
May 31 06:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: Connection closed by 103.77.175.15 port 44472 [preauth]
May 31 06:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Failed password for root from 202.133.90.219 port 48462 ssh2
May 31 06:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Connection closed by 202.133.90.219 port 48462 [preauth]
May 31 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10394]: pam_unix(cron:session): session closed for user root
May 31 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11813]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11812]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11793]: pam_unix(cron:session): session closed for user p13x
May 31 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11877]: Successful su for rubyman by root
May 31 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11877]: + ??? root:rubyman
May 31 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427722 of user rubyman.
May 31 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11877]: pam_unix(su:session): session closed for user rubyman
May 31 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427722.
May 31 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8925]: pam_unix(cron:session): session closed for user root
May 31 06:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11811]: pam_unix(cron:session): session closed for user samftp
May 31 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10910]: pam_unix(cron:session): session closed for user root
May 31 06:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Failed password for root from 202.133.90.219 port 34172 ssh2
May 31 06:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Connection closed by 202.133.90.219 port 34172 [preauth]
May 31 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12235]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12236]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12234]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12233]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12233]: pam_unix(cron:session): session closed for user p13x
May 31 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12415]: Successful su for rubyman by root
May 31 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12415]: + ??? root:rubyman
May 31 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427725 of user rubyman.
May 31 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12415]: pam_unix(su:session): session closed for user rubyman
May 31 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427725.
May 31 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9333]: pam_unix(cron:session): session closed for user root
May 31 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12234]: pam_unix(cron:session): session closed for user samftp
May 31 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11359]: pam_unix(cron:session): session closed for user root
May 31 06:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Did not receive identification string from 195.96.139.181
May 31 06:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: Connection closed by 195.96.139.181 port 54743 [preauth]
May 31 06:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
May 31 06:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12727]: Failed password for root from 103.82.20.28 port 47880 ssh2
May 31 06:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12727]: Connection closed by 103.82.20.28 port 47880 [preauth]
May 31 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12773]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12772]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12770]: pam_unix(cron:session): session closed for user p13x
May 31 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12834]: Successful su for rubyman by root
May 31 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12834]: + ??? root:rubyman
May 31 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427730 of user rubyman.
May 31 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12834]: pam_unix(su:session): session closed for user rubyman
May 31 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427730.
May 31 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9720]: pam_unix(cron:session): session closed for user root
May 31 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12771]: pam_unix(cron:session): session closed for user samftp
May 31 06:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13024]: Failed password for root from 202.133.90.219 port 52912 ssh2
May 31 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13024]: Connection closed by 202.133.90.219 port 52912 [preauth]
May 31 06:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11813]: pam_unix(cron:session): session closed for user root
May 31 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: Invalid user pi from 80.94.95.115
May 31 06:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: input_userauth_request: invalid user pi [preauth]
May 31 06:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: pam_unix(sshd:auth): check pass; user unknown
May 31 06:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May 31 06:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: Failed password for invalid user pi from 80.94.95.115 port 60422 ssh2
May 31 06:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: Connection closed by 80.94.95.115 port 60422 [preauth]
May 31 06:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13160]: Invalid user orangepi from 37.120.213.13
May 31 06:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13160]: input_userauth_request: invalid user orangepi [preauth]
May 31 06:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13160]: pam_unix(sshd:auth): check pass; user unknown
May 31 06:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.213.13
May 31 06:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13160]: Failed password for invalid user orangepi from 37.120.213.13 port 34086 ssh2
May 31 06:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13160]: Connection closed by 37.120.213.13 port 34086 [preauth]
May 31 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13189]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13191]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13190]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13193]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13193]: pam_unix(cron:session): session closed for user root
May 31 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13187]: pam_unix(cron:session): session closed for user p13x
May 31 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13255]: Successful su for rubyman by root
May 31 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13255]: + ??? root:rubyman
May 31 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427735 of user rubyman.
May 31 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13255]: pam_unix(su:session): session closed for user rubyman
May 31 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427735.
May 31 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10393]: pam_unix(cron:session): session closed for user root
May 31 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13189]: pam_unix(cron:session): session closed for user root
May 31 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13188]: pam_unix(cron:session): session closed for user samftp
May 31 06:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
May 31 06:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13470]: Failed password for root from 80.66.85.226 port 33192 ssh2
May 31 06:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13470]: Connection closed by 80.66.85.226 port 33192 [preauth]
May 31 06:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12236]: pam_unix(cron:session): session closed for user root
May 31 06:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
May 31 06:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
May 31 06:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13557]: Failed password for root from 103.27.238.120 port 45720 ssh2
May 31 06:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: Failed password for root from 103.27.238.116 port 36112 ssh2
May 31 06:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13557]: Connection closed by 103.27.238.120 port 45720 [preauth]
May 31 06:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: Connection closed by 103.27.238.116 port 36112 [preauth]
May 31 06:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: Failed password for root from 202.133.90.219 port 56214 ssh2
May 31 06:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: Connection closed by 202.133.90.219 port 56214 [preauth]
May 31 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13614]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13613]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13611]: pam_unix(cron:session): session closed for user p13x
May 31 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13682]: Successful su for rubyman by root
May 31 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13682]: + ??? root:rubyman
May 31 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427740 of user rubyman.
May 31 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13682]: pam_unix(su:session): session closed for user rubyman
May 31 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427740.
May 31 06:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10909]: pam_unix(cron:session): session closed for user root
May 31 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13612]: pam_unix(cron:session): session closed for user samftp
May 31 06:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12773]: pam_unix(cron:session): session closed for user root
May 31 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14026]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14027]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14022]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14024]: pam_unix(cron:session): session closed for user p13x
May 31 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14096]: Successful su for rubyman by root
May 31 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14096]: + ??? root:rubyman
May 31 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427744 of user rubyman.
May 31 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14096]: pam_unix(su:session): session closed for user rubyman
May 31 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427744.
May 31 06:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14022]: pam_unix(cron:session): session closed for user root
May 31 06:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11358]: pam_unix(cron:session): session closed for user root
May 31 06:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14025]: pam_unix(cron:session): session closed for user samftp
May 31 06:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14296]: Failed password for root from 202.133.90.219 port 41254 ssh2
May 31 06:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14296]: Connection closed by 202.133.90.219 port 41254 [preauth]
May 31 06:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.194.186  user=root
May 31 06:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: Failed password for root from 45.78.194.186 port 59698 ssh2
May 31 06:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: Received disconnect from 45.78.194.186 port 59698:11: Bye Bye [preauth]
May 31 06:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: Disconnected from 45.78.194.186 port 59698 [preauth]
May 31 06:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13191]: pam_unix(cron:session): session closed for user root
May 31 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14434]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14435]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14432]: pam_unix(cron:session): session closed for user p13x
May 31 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14496]: Successful su for rubyman by root
May 31 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14496]: + ??? root:rubyman
May 31 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427748 of user rubyman.
May 31 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14496]: pam_unix(su:session): session closed for user rubyman
May 31 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427748.
May 31 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11812]: pam_unix(cron:session): session closed for user root
May 31 06:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14433]: pam_unix(cron:session): session closed for user samftp
May 31 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13614]: pam_unix(cron:session): session closed for user root
May 31 06:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: Failed password for root from 202.133.90.219 port 51680 ssh2
May 31 06:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: Connection closed by 202.133.90.219 port 51680 [preauth]
May 31 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14924]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14925]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14923]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14922]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14922]: pam_unix(cron:session): session closed for user p13x
May 31 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14984]: Successful su for rubyman by root
May 31 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14984]: + ??? root:rubyman
May 31 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427754 of user rubyman.
May 31 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14984]: pam_unix(su:session): session closed for user rubyman
May 31 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427754.
May 31 06:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12235]: pam_unix(cron:session): session closed for user root
May 31 06:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14923]: pam_unix(cron:session): session closed for user samftp
May 31 06:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14027]: pam_unix(cron:session): session closed for user root
May 31 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15322]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15323]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15321]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15324]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15318]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15324]: pam_unix(cron:session): session closed for user root
May 31 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15318]: pam_unix(cron:session): session closed for user p13x
May 31 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15384]: Successful su for rubyman by root
May 31 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15384]: + ??? root:rubyman
May 31 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427757 of user rubyman.
May 31 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15384]: pam_unix(su:session): session closed for user rubyman
May 31 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427757.
May 31 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15321]: pam_unix(cron:session): session closed for user root
May 31 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12772]: pam_unix(cron:session): session closed for user root
May 31 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15320]: pam_unix(cron:session): session closed for user samftp
May 31 06:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: Failed password for root from 202.133.90.219 port 45286 ssh2
May 31 06:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: Connection closed by 202.133.90.219 port 45286 [preauth]
May 31 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14435]: pam_unix(cron:session): session closed for user root
May 31 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15735]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15736]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15733]: pam_unix(cron:session): session closed for user p13x
May 31 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15796]: Successful su for rubyman by root
May 31 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15796]: + ??? root:rubyman
May 31 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427762 of user rubyman.
May 31 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15796]: pam_unix(su:session): session closed for user rubyman
May 31 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427762.
May 31 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13190]: pam_unix(cron:session): session closed for user root
May 31 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15734]: pam_unix(cron:session): session closed for user samftp
May 31 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14925]: pam_unix(cron:session): session closed for user root
May 31 06:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: Failed password for root from 202.133.90.219 port 51046 ssh2
May 31 06:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: Connection closed by 202.133.90.219 port 51046 [preauth]
May 31 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16125]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16126]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16123]: pam_unix(cron:session): session closed for user p13x
May 31 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16185]: Successful su for rubyman by root
May 31 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16185]: + ??? root:rubyman
May 31 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427766 of user rubyman.
May 31 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16185]: pam_unix(su:session): session closed for user rubyman
May 31 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427766.
May 31 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13613]: pam_unix(cron:session): session closed for user root
May 31 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16124]: pam_unix(cron:session): session closed for user samftp
May 31 06:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: Invalid user user2 from 187.51.208.158
May 31 06:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: input_userauth_request: invalid user user2 [preauth]
May 31 06:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: pam_unix(sshd:auth): check pass; user unknown
May 31 06:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.51.208.158
May 31 06:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: Failed password for invalid user user2 from 187.51.208.158 port 35866 ssh2
May 31 06:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: Received disconnect from 187.51.208.158 port 35866:11: Bye Bye [preauth]
May 31 06:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: Disconnected from 187.51.208.158 port 35866 [preauth]
May 31 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15323]: pam_unix(cron:session): session closed for user root
May 31 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16512]: pam_unix(cron:session): session closed for user p13x
May 31 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16569]: Successful su for rubyman by root
May 31 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16569]: + ??? root:rubyman
May 31 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427771 of user rubyman.
May 31 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16569]: pam_unix(su:session): session closed for user rubyman
May 31 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427771.
May 31 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14026]: pam_unix(cron:session): session closed for user root
May 31 06:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16513]: pam_unix(cron:session): session closed for user samftp
May 31 06:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16756]: Failed password for root from 202.133.90.219 port 49952 ssh2
May 31 06:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16756]: Connection closed by 202.133.90.219 port 49952 [preauth]
May 31 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15736]: pam_unix(cron:session): session closed for user root
May 31 06:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
May 31 06:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: Failed password for root from 103.153.68.219 port 58914 ssh2
May 31 06:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: Connection closed by 103.153.68.219 port 58914 [preauth]
May 31 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16906]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16907]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16904]: pam_unix(cron:session): session closed for user p13x
May 31 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16964]: Successful su for rubyman by root
May 31 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16964]: + ??? root:rubyman
May 31 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427774 of user rubyman.
May 31 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16964]: pam_unix(su:session): session closed for user rubyman
May 31 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427774.
May 31 06:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14434]: pam_unix(cron:session): session closed for user root
May 31 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16905]: pam_unix(cron:session): session closed for user samftp
May 31 06:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16126]: pam_unix(cron:session): session closed for user root
May 31 06:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: Invalid user user from 185.156.73.233
May 31 06:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: input_userauth_request: invalid user user [preauth]
May 31 06:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: pam_unix(sshd:auth): check pass; user unknown
May 31 06:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 06:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: Failed password for invalid user user from 185.156.73.233 port 19074 ssh2
May 31 06:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: Connection closed by 185.156.73.233 port 19074 [preauth]
May 31 06:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: Failed password for root from 202.133.90.219 port 36306 ssh2
May 31 06:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: Connection closed by 202.133.90.219 port 36306 [preauth]
May 31 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17298]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17295]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17293]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17298]: pam_unix(cron:session): session closed for user root
May 31 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17293]: pam_unix(cron:session): session closed for user p13x
May 31 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17364]: Successful su for rubyman by root
May 31 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17364]: + ??? root:rubyman
May 31 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17364]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427780 of user rubyman.
May 31 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17364]: pam_unix(su:session): session closed for user rubyman
May 31 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427780.
May 31 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14924]: pam_unix(cron:session): session closed for user root
May 31 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17295]: pam_unix(cron:session): session closed for user root
May 31 06:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session closed for user samftp
May 31 06:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17273]: Connection closed by 66.132.195.35 port 10868 [preauth]
May 31 06:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session closed for user root
May 31 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17814]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17813]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17812]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17811]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17811]: pam_unix(cron:session): session closed for user p13x
May 31 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17889]: Successful su for rubyman by root
May 31 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17889]: + ??? root:rubyman
May 31 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427784 of user rubyman.
May 31 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17889]: pam_unix(su:session): session closed for user rubyman
May 31 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427784.
May 31 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15322]: pam_unix(cron:session): session closed for user root
May 31 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.127.143  user=root
May 31 06:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17812]: pam_unix(cron:session): session closed for user samftp
May 31 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18048]: Failed password for root from 5.161.127.143 port 44098 ssh2
May 31 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18048]: Received disconnect from 5.161.127.143 port 44098:11: Bye Bye [preauth]
May 31 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18048]: Disconnected from 5.161.127.143 port 44098 [preauth]
May 31 06:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18100]: Failed password for root from 202.133.90.219 port 47076 ssh2
May 31 06:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18100]: Connection closed by 202.133.90.219 port 47076 [preauth]
May 31 06:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18140]: Invalid user ftpuser from 192.227.213.228
May 31 06:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18140]: input_userauth_request: invalid user ftpuser [preauth]
May 31 06:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18140]: pam_unix(sshd:auth): check pass; user unknown
May 31 06:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.213.228
May 31 06:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18140]: Failed password for invalid user ftpuser from 192.227.213.228 port 59168 ssh2
May 31 06:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18140]: Received disconnect from 192.227.213.228 port 59168:11: Bye Bye [preauth]
May 31 06:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18140]: Disconnected from 192.227.213.228 port 59168 [preauth]
May 31 06:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16907]: pam_unix(cron:session): session closed for user root
May 31 06:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: Received disconnect from 158.69.227.40 port 42348:11: disconnected by user [preauth]
May 31 06:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: Disconnected from 158.69.227.40 port 42348 [preauth]
May 31 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18243]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18239]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18239]: pam_unix(cron:session): session closed for user p13x
May 31 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18305]: Successful su for rubyman by root
May 31 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18305]: + ??? root:rubyman
May 31 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427790 of user rubyman.
May 31 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18305]: pam_unix(su:session): session closed for user rubyman
May 31 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427790.
May 31 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.213.13  user=root
May 31 06:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15735]: pam_unix(cron:session): session closed for user root
May 31 06:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18347]: Failed password for root from 37.120.213.13 port 38000 ssh2
May 31 06:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18347]: Connection closed by 37.120.213.13 port 38000 [preauth]
May 31 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18241]: pam_unix(cron:session): session closed for user samftp
May 31 06:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session closed for user root
May 31 06:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: Invalid user parasitise from 67.207.84.8
May 31 06:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: input_userauth_request: invalid user parasitise [preauth]
May 31 06:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: pam_unix(sshd:auth): check pass; user unknown
May 31 06:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.207.84.8
May 31 06:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: Failed password for invalid user parasitise from 67.207.84.8 port 48162 ssh2
May 31 06:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: Connection closed by 67.207.84.8 port 48162 [preauth]
May 31 06:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: Failed password for root from 202.133.90.219 port 43210 ssh2
May 31 06:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: Connection closed by 202.133.90.219 port 43210 [preauth]
May 31 06:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: Invalid user paragammacism from 173.254.234.162
May 31 06:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: input_userauth_request: invalid user paragammacism [preauth]
May 31 06:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: pam_unix(sshd:auth): check pass; user unknown
May 31 06:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 06:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: Failed password for invalid user paragammacism from 173.254.234.162 port 57536 ssh2
May 31 06:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: Connection closed by 173.254.234.162 port 57536 [preauth]
May 31 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18739]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18737]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18738]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18736]: pam_unix(cron:session): session closed for user p13x
May 31 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18804]: Successful su for rubyman by root
May 31 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18804]: + ??? root:rubyman
May 31 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18804]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427793 of user rubyman.
May 31 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18804]: pam_unix(su:session): session closed for user rubyman
May 31 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427793.
May 31 06:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16125]: pam_unix(cron:session): session closed for user root
May 31 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18737]: pam_unix(cron:session): session closed for user samftp
May 31 06:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.127.143  user=root
May 31 06:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19035]: Failed password for root from 5.161.127.143 port 45184 ssh2
May 31 06:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19035]: Received disconnect from 5.161.127.143 port 45184:11: Bye Bye [preauth]
May 31 06:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19035]: Disconnected from 5.161.127.143 port 45184 [preauth]
May 31 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17814]: pam_unix(cron:session): session closed for user root
May 31 06:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.51.208.158  user=root
May 31 06:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: Failed password for root from 187.51.208.158 port 35134 ssh2
May 31 06:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: Received disconnect from 187.51.208.158 port 35134:11: Bye Bye [preauth]
May 31 06:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: Disconnected from 187.51.208.158 port 35134 [preauth]
May 31 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19255]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19254]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19252]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19252]: pam_unix(cron:session): session closed for user p13x
May 31 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19313]: Successful su for rubyman by root
May 31 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19313]: + ??? root:rubyman
May 31 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427796 of user rubyman.
May 31 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19313]: pam_unix(su:session): session closed for user rubyman
May 31 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427796.
May 31 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session closed for user root
May 31 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19253]: pam_unix(cron:session): session closed for user samftp
May 31 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 06:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: Failed password for root from 202.133.90.219 port 37606 ssh2
May 31 06:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: Connection closed by 202.133.90.219 port 37606 [preauth]
May 31 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.213.228  user=root
May 31 06:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19759]: Failed password for root from 192.227.213.228 port 37282 ssh2
May 31 06:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19759]: Received disconnect from 192.227.213.228 port 37282:11: Bye Bye [preauth]
May 31 06:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19759]: Disconnected from 192.227.213.228 port 37282 [preauth]
May 31 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18243]: pam_unix(cron:session): session closed for user root
May 31 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 06:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19849]: Invalid user ivan from 5.161.127.143
May 31 06:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19849]: input_userauth_request: invalid user ivan [preauth]
May 31 06:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19849]: pam_unix(sshd:auth): check pass; user unknown
May 31 06:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.127.143
May 31 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19849]: Failed password for invalid user ivan from 5.161.127.143 port 40146 ssh2
May 31 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19849]: Received disconnect from 5.161.127.143 port 40146:11: Bye Bye [preauth]
May 31 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19849]: Disconnected from 5.161.127.143 port 40146 [preauth]
May 31 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19872]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19869]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19870]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19868]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19871]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19866]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19872]: pam_unix(cron:session): session closed for user root
May 31 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19868]: pam_unix(cron:session): session closed for user root
May 31 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19866]: pam_unix(cron:session): session closed for user p13x
May 31 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19956]: Successful su for rubyman by root
May 31 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19956]: + ??? root:rubyman
May 31 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19956]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427805 of user rubyman.
May 31 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19956]: pam_unix(su:session): session closed for user rubyman
May 31 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427805.
May 31 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16906]: pam_unix(cron:session): session closed for user root
May 31 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19869]: pam_unix(cron:session): session closed for user root
May 31 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19867]: pam_unix(cron:session): session closed for user samftp
May 31 07:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: Received disconnect from 108.181.22.199 port 5004:11: disconnected by user [preauth]
May 31 07:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: Disconnected from 108.181.22.199 port 5004 [preauth]
May 31 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18739]: pam_unix(cron:session): session closed for user root
May 31 07:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.51.208.158  user=root
May 31 07:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: Failed password for root from 187.51.208.158 port 50030 ssh2
May 31 07:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: Received disconnect from 187.51.208.158 port 50030:11: Bye Bye [preauth]
May 31 07:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: Disconnected from 187.51.208.158 port 50030 [preauth]
May 31 07:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
May 31 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: Failed password for root from 202.133.90.219 port 56306 ssh2
May 31 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: Connection closed by 202.133.90.219 port 56306 [preauth]
May 31 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: Failed password for root from 193.37.70.224 port 47706 ssh2
May 31 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: Connection closed by 193.37.70.224 port 47706 [preauth]
May 31 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20475]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20476]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20473]: pam_unix(cron:session): session closed for user p13x
May 31 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20537]: Successful su for rubyman by root
May 31 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20537]: + ??? root:rubyman
May 31 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20537]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427807 of user rubyman.
May 31 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20537]: pam_unix(su:session): session closed for user rubyman
May 31 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427807.
May 31 07:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session closed for user root
May 31 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20474]: pam_unix(cron:session): session closed for user samftp
May 31 07:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: Invalid user milan from 5.161.127.143
May 31 07:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: input_userauth_request: invalid user milan [preauth]
May 31 07:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.127.143
May 31 07:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: Failed password for invalid user milan from 5.161.127.143 port 45174 ssh2
May 31 07:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: Received disconnect from 5.161.127.143 port 45174:11: Bye Bye [preauth]
May 31 07:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: Disconnected from 5.161.127.143 port 45174 [preauth]
May 31 07:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20889]: Invalid user ivan from 220.247.224.226
May 31 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20889]: input_userauth_request: invalid user ivan [preauth]
May 31 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20889]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
May 31 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19255]: pam_unix(cron:session): session closed for user root
May 31 07:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20889]: Failed password for invalid user ivan from 220.247.224.226 port 46757 ssh2
May 31 07:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20889]: Received disconnect from 220.247.224.226 port 46757:11: Bye Bye [preauth]
May 31 07:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20889]: Disconnected from 220.247.224.226 port 46757 [preauth]
May 31 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20977]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20976]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20974]: pam_unix(cron:session): session closed for user p13x
May 31 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21033]: Successful su for rubyman by root
May 31 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21033]: + ??? root:rubyman
May 31 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427811 of user rubyman.
May 31 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21033]: pam_unix(su:session): session closed for user rubyman
May 31 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427811.
May 31 07:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17813]: pam_unix(cron:session): session closed for user root
May 31 07:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20975]: pam_unix(cron:session): session closed for user samftp
May 31 07:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Failed password for root from 202.133.90.219 port 46416 ssh2
May 31 07:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Connection closed by 202.133.90.219 port 46416 [preauth]
May 31 07:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: Invalid user dev from 192.227.213.228
May 31 07:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: input_userauth_request: invalid user dev [preauth]
May 31 07:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.213.228
May 31 07:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: Failed password for invalid user dev from 192.227.213.228 port 38670 ssh2
May 31 07:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: Received disconnect from 192.227.213.228 port 38670:11: Bye Bye [preauth]
May 31 07:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: Disconnected from 192.227.213.228 port 38670 [preauth]
May 31 07:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19871]: pam_unix(cron:session): session closed for user root
May 31 07:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.51.208.158  user=root
May 31 07:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21309]: Failed password for root from 187.51.208.158 port 36695 ssh2
May 31 07:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21309]: Received disconnect from 187.51.208.158 port 36695:11: Bye Bye [preauth]
May 31 07:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21309]: Disconnected from 187.51.208.158 port 36695 [preauth]
May 31 07:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21342]: Invalid user username from 115.231.78.11
May 31 07:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21342]: input_userauth_request: invalid user username [preauth]
May 31 07:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21342]: Connection closed by 115.231.78.11 port 30000 [preauth]
May 31 07:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: Invalid user admin from 5.161.127.143
May 31 07:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: input_userauth_request: invalid user admin [preauth]
May 31 07:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.127.143
May 31 07:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: Failed password for invalid user admin from 5.161.127.143 port 46434 ssh2
May 31 07:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: Received disconnect from 5.161.127.143 port 46434:11: Bye Bye [preauth]
May 31 07:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: Disconnected from 5.161.127.143 port 46434 [preauth]
May 31 07:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.22.41  user=root
May 31 07:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: Failed password for root from 185.236.22.41 port 43992 ssh2
May 31 07:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: Connection closed by 185.236.22.41 port 43992 [preauth]
May 31 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21391]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21392]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21389]: pam_unix(cron:session): session closed for user p13x
May 31 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21452]: Successful su for rubyman by root
May 31 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21452]: + ??? root:rubyman
May 31 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427816 of user rubyman.
May 31 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21452]: pam_unix(su:session): session closed for user rubyman
May 31 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427816.
May 31 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session closed for user root
May 31 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21390]: pam_unix(cron:session): session closed for user samftp
May 31 07:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20476]: pam_unix(cron:session): session closed for user root
May 31 07:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21751]: Received disconnect from 103.75.71.17 port 8790:11: disconnected by user [preauth]
May 31 07:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21751]: Disconnected from 103.75.71.17 port 8790 [preauth]
May 31 07:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: Failed password for root from 202.133.90.219 port 50652 ssh2
May 31 07:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21778]: Received disconnect from 23.237.188.34 port 57372:11: disconnected by user [preauth]
May 31 07:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21778]: Disconnected from 23.237.188.34 port 57372 [preauth]
May 31 07:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: Connection closed by 202.133.90.219 port 50652 [preauth]
May 31 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21809]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21810]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21808]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21807]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21807]: pam_unix(cron:session): session closed for user p13x
May 31 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21876]: Successful su for rubyman by root
May 31 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21876]: + ??? root:rubyman
May 31 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427820 of user rubyman.
May 31 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21876]: pam_unix(su:session): session closed for user rubyman
May 31 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427820.
May 31 07:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18738]: pam_unix(cron:session): session closed for user root
May 31 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21808]: pam_unix(cron:session): session closed for user samftp
May 31 07:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.127.143  user=root
May 31 07:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22058]: Received disconnect from 185.255.100.251 port 36720:11: disconnected by user [preauth]
May 31 07:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22058]: Disconnected from 185.255.100.251 port 36720 [preauth]
May 31 07:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22056]: Failed password for root from 5.161.127.143 port 47590 ssh2
May 31 07:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22056]: Received disconnect from 5.161.127.143 port 47590:11: Bye Bye [preauth]
May 31 07:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22056]: Disconnected from 5.161.127.143 port 47590 [preauth]
May 31 07:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: Invalid user front from 192.227.213.228
May 31 07:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: input_userauth_request: invalid user front [preauth]
May 31 07:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.213.228
May 31 07:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22092]: Invalid user jawad from 187.51.208.158
May 31 07:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22092]: input_userauth_request: invalid user jawad [preauth]
May 31 07:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22092]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.51.208.158
May 31 07:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: Failed password for invalid user front from 192.227.213.228 port 39996 ssh2
May 31 07:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: Received disconnect from 192.227.213.228 port 39996:11: Bye Bye [preauth]
May 31 07:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: Disconnected from 192.227.213.228 port 39996 [preauth]
May 31 07:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22092]: Failed password for invalid user jawad from 187.51.208.158 port 51584 ssh2
May 31 07:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22092]: Received disconnect from 187.51.208.158 port 51584:11: Bye Bye [preauth]
May 31 07:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22092]: Disconnected from 187.51.208.158 port 51584 [preauth]
May 31 07:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20977]: pam_unix(cron:session): session closed for user root
May 31 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22224]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22222]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22223]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22221]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22224]: pam_unix(cron:session): session closed for user root
May 31 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22219]: pam_unix(cron:session): session closed for user p13x
May 31 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
May 31 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22288]: Successful su for rubyman by root
May 31 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22288]: + ??? root:rubyman
May 31 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427825 of user rubyman.
May 31 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22288]: pam_unix(su:session): session closed for user rubyman
May 31 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427825.
May 31 07:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: Failed password for root from 103.122.221.179 port 56314 ssh2
May 31 07:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: Connection closed by 103.122.221.179 port 56314 [preauth]
May 31 07:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19254]: pam_unix(cron:session): session closed for user root
May 31 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22221]: pam_unix(cron:session): session closed for user root
May 31 07:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22220]: pam_unix(cron:session): session closed for user samftp
May 31 07:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22427]: Failed password for root from 202.133.90.219 port 48528 ssh2
May 31 07:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
May 31 07:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22427]: Connection closed by 202.133.90.219 port 48528 [preauth]
May 31 07:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Failed password for root from 220.247.224.226 port 8388 ssh2
May 31 07:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Received disconnect from 220.247.224.226 port 8388:11: Bye Bye [preauth]
May 31 07:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Disconnected from 220.247.224.226 port 8388 [preauth]
May 31 07:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.170.125  user=root
May 31 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: Failed password for root from 103.149.170.125 port 54042 ssh2
May 31 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: Connection closed by 103.149.170.125 port 54042 [preauth]
May 31 07:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.127.143  user=root
May 31 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21392]: pam_unix(cron:session): session closed for user root
May 31 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22567]: Failed password for root from 5.161.127.143 port 32964 ssh2
May 31 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22567]: Received disconnect from 5.161.127.143 port 32964:11: Bye Bye [preauth]
May 31 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22567]: Disconnected from 5.161.127.143 port 32964 [preauth]
May 31 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22649]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22648]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22646]: pam_unix(cron:session): session closed for user p13x
May 31 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22711]: Successful su for rubyman by root
May 31 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22711]: + ??? root:rubyman
May 31 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427829 of user rubyman.
May 31 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22711]: pam_unix(su:session): session closed for user rubyman
May 31 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427829.
May 31 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.98.239  user=root
May 31 07:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22741]: Failed password for root from 94.159.98.239 port 36722 ssh2
May 31 07:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19870]: pam_unix(cron:session): session closed for user root
May 31 07:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22741]: Connection closed by 94.159.98.239 port 36722 [preauth]
May 31 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22647]: pam_unix(cron:session): session closed for user samftp
May 31 07:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.51.208.158  user=root
May 31 07:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: Failed password for root from 187.51.208.158 port 38239 ssh2
May 31 07:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: Received disconnect from 187.51.208.158 port 38239:11: Bye Bye [preauth]
May 31 07:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: Disconnected from 187.51.208.158 port 38239 [preauth]
May 31 07:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.213.228  user=root
May 31 07:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: Failed password for root from 192.227.213.228 port 41328 ssh2
May 31 07:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: Received disconnect from 192.227.213.228 port 41328:11: Bye Bye [preauth]
May 31 07:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: Disconnected from 192.227.213.228 port 41328 [preauth]
May 31 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21810]: pam_unix(cron:session): session closed for user root
May 31 07:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: Failed password for root from 202.133.90.219 port 58942 ssh2
May 31 07:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: Connection closed by 202.133.90.219 port 58942 [preauth]
May 31 07:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
May 31 07:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23033]: Failed password for root from 220.247.224.226 port 32065 ssh2
May 31 07:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23033]: Received disconnect from 220.247.224.226 port 32065:11: Bye Bye [preauth]
May 31 07:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23033]: Disconnected from 220.247.224.226 port 32065 [preauth]
May 31 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23054]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23055]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23052]: pam_unix(cron:session): session closed for user p13x
May 31 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23111]: Successful su for rubyman by root
May 31 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23111]: + ??? root:rubyman
May 31 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23111]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427833 of user rubyman.
May 31 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23111]: pam_unix(su:session): session closed for user rubyman
May 31 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427833.
May 31 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23100]: Invalid user internet from 5.161.127.143
May 31 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23100]: input_userauth_request: invalid user internet [preauth]
May 31 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23100]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.127.143
May 31 07:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23100]: Failed password for invalid user internet from 5.161.127.143 port 51524 ssh2
May 31 07:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20475]: pam_unix(cron:session): session closed for user root
May 31 07:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23100]: Received disconnect from 5.161.127.143 port 51524:11: Bye Bye [preauth]
May 31 07:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23100]: Disconnected from 5.161.127.143 port 51524 [preauth]
May 31 07:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23053]: pam_unix(cron:session): session closed for user samftp
May 31 07:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: Received disconnect from 186.233.184.67 port 60284:11: disconnected by user [preauth]
May 31 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: Disconnected from 186.233.184.67 port 60284 [preauth]
May 31 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22223]: pam_unix(cron:session): session closed for user root
May 31 07:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: Invalid user alex from 187.51.208.158
May 31 07:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: input_userauth_request: invalid user alex [preauth]
May 31 07:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.51.208.158
May 31 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23462]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23461]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23459]: pam_unix(cron:session): session closed for user p13x
May 31 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23522]: Successful su for rubyman by root
May 31 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23522]: + ??? root:rubyman
May 31 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427838 of user rubyman.
May 31 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23522]: pam_unix(su:session): session closed for user rubyman
May 31 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427838.
May 31 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: Failed password for invalid user alex from 187.51.208.158 port 53146 ssh2
May 31 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: Received disconnect from 187.51.208.158 port 53146:11: Bye Bye [preauth]
May 31 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: Disconnected from 187.51.208.158 port 53146 [preauth]
May 31 07:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20976]: pam_unix(cron:session): session closed for user root
May 31 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: Failed password for root from 202.133.90.219 port 40308 ssh2
May 31 07:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23460]: pam_unix(cron:session): session closed for user samftp
May 31 07:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: Connection closed by 202.133.90.219 port 40308 [preauth]
May 31 07:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23718]: Invalid user mdm from 192.227.213.228
May 31 07:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23718]: input_userauth_request: invalid user mdm [preauth]
May 31 07:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23718]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.213.228
May 31 07:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23718]: Failed password for invalid user mdm from 192.227.213.228 port 42662 ssh2
May 31 07:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23718]: Received disconnect from 192.227.213.228 port 42662:11: Bye Bye [preauth]
May 31 07:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23718]: Disconnected from 192.227.213.228 port 42662 [preauth]
May 31 07:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
May 31 07:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23746]: Failed password for root from 147.45.199.80 port 43480 ssh2
May 31 07:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23746]: Connection closed by 147.45.199.80 port 43480 [preauth]
May 31 07:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23783]: Invalid user customer from 5.161.127.143
May 31 07:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23783]: input_userauth_request: invalid user customer [preauth]
May 31 07:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23783]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.127.143
May 31 07:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23783]: Failed password for invalid user customer from 5.161.127.143 port 38572 ssh2
May 31 07:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23783]: Received disconnect from 5.161.127.143 port 38572:11: Bye Bye [preauth]
May 31 07:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23783]: Disconnected from 5.161.127.143 port 38572 [preauth]
May 31 07:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22649]: pam_unix(cron:session): session closed for user root
May 31 07:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
May 31 07:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: Failed password for root from 220.247.224.226 port 31212 ssh2
May 31 07:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: Received disconnect from 220.247.224.226 port 31212:11: Bye Bye [preauth]
May 31 07:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: Disconnected from 220.247.224.226 port 31212 [preauth]
May 31 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23982]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23983]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23976]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23979]: pam_unix(cron:session): session closed for user p13x
May 31 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24085]: Successful su for rubyman by root
May 31 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24085]: + ??? root:rubyman
May 31 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427843 of user rubyman.
May 31 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24085]: pam_unix(su:session): session closed for user rubyman
May 31 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427843.
May 31 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23976]: pam_unix(cron:session): session closed for user root
May 31 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.213.13  user=root
May 31 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
May 31 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21391]: pam_unix(cron:session): session closed for user root
May 31 07:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: Failed password for root from 37.120.213.13 port 37628 ssh2
May 31 07:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: Connection closed by 37.120.213.13 port 37628 [preauth]
May 31 07:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23981]: pam_unix(cron:session): session closed for user samftp
May 31 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24203]: Failed password for root from 103.176.20.57 port 33548 ssh2
May 31 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24203]: Connection closed by 103.176.20.57 port 33548 [preauth]
May 31 07:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23055]: pam_unix(cron:session): session closed for user root
May 31 07:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: Failed password for root from 202.133.90.219 port 44966 ssh2
May 31 07:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: Connection closed by 202.133.90.219 port 44966 [preauth]
May 31 07:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24480]: Invalid user ubuntu from 187.51.208.158
May 31 07:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24480]: input_userauth_request: invalid user ubuntu [preauth]
May 31 07:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24480]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.51.208.158
May 31 07:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24480]: Failed password for invalid user ubuntu from 187.51.208.158 port 39802 ssh2
May 31 07:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24480]: Received disconnect from 187.51.208.158 port 39802:11: Bye Bye [preauth]
May 31 07:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24480]: Disconnected from 187.51.208.158 port 39802 [preauth]
May 31 07:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.127.143  user=root
May 31 07:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24493]: Invalid user support from 192.227.213.228
May 31 07:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24493]: input_userauth_request: invalid user support [preauth]
May 31 07:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24493]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.213.228
May 31 07:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: Failed password for root from 5.161.127.143 port 56566 ssh2
May 31 07:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: Received disconnect from 5.161.127.143 port 56566:11: Bye Bye [preauth]
May 31 07:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: Disconnected from 5.161.127.143 port 56566 [preauth]
May 31 07:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24493]: Failed password for invalid user support from 192.227.213.228 port 43978 ssh2
May 31 07:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24493]: Received disconnect from 192.227.213.228 port 43978:11: Bye Bye [preauth]
May 31 07:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24493]: Disconnected from 192.227.213.228 port 43978 [preauth]
May 31 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24508]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24509]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24506]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24507]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24509]: pam_unix(cron:session): session closed for user root
May 31 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24504]: pam_unix(cron:session): session closed for user p13x
May 31 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24572]: Successful su for rubyman by root
May 31 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24572]: + ??? root:rubyman
May 31 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427847 of user rubyman.
May 31 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24572]: pam_unix(su:session): session closed for user rubyman
May 31 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427847.
May 31 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24506]: pam_unix(cron:session): session closed for user root
May 31 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21809]: pam_unix(cron:session): session closed for user root
May 31 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24505]: pam_unix(cron:session): session closed for user samftp
May 31 07:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
May 31 07:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24826]: Failed password for root from 220.247.224.226 port 36469 ssh2
May 31 07:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24826]: Received disconnect from 220.247.224.226 port 36469:11: Bye Bye [preauth]
May 31 07:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24826]: Disconnected from 220.247.224.226 port 36469 [preauth]
May 31 07:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: Invalid user  from 176.65.132.22
May 31 07:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: input_userauth_request: invalid user  [preauth]
May 31 07:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: Connection closed by 176.65.132.22 port 34038 [preauth]
May 31 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.63.178  user=root
May 31 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23462]: pam_unix(cron:session): session closed for user root
May 31 07:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: Failed password for root from 62.133.63.178 port 41522 ssh2
May 31 07:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: Connection closed by 62.133.63.178 port 41522 [preauth]
May 31 07:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: Invalid user user from 2.57.121.25
May 31 07:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: input_userauth_request: invalid user user [preauth]
May 31 07:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 07:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: Failed password for invalid user user from 2.57.121.25 port 35055 ssh2
May 31 07:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: Failed password for invalid user user from 2.57.121.25 port 35055 ssh2
May 31 07:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: Failed password for invalid user user from 2.57.121.25 port 35055 ssh2
May 31 07:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: Failed password for invalid user user from 2.57.121.25 port 35055 ssh2
May 31 07:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
May 31 07:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: Failed password for invalid user user from 2.57.121.25 port 35055 ssh2
May 31 07:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: Received disconnect from 2.57.121.25 port 35055:11: Bye [preauth]
May 31 07:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: Disconnected from 2.57.121.25 port 35055 [preauth]
May 31 07:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 07:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 07:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24954]: Failed password for root from 109.237.96.109 port 39642 ssh2
May 31 07:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24954]: Connection closed by 109.237.96.109 port 39642 [preauth]
May 31 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24969]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24968]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24966]: pam_unix(cron:session): session closed for user p13x
May 31 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25044]: Successful su for rubyman by root
May 31 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25044]: + ??? root:rubyman
May 31 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25044]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427852 of user rubyman.
May 31 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25044]: pam_unix(su:session): session closed for user rubyman
May 31 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427852.
May 31 07:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22222]: pam_unix(cron:session): session closed for user root
May 31 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24967]: pam_unix(cron:session): session closed for user samftp
May 31 07:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.127.143  user=root
May 31 07:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25212]: Failed password for root from 202.133.90.219 port 53640 ssh2
May 31 07:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25252]: Failed password for root from 5.161.127.143 port 57468 ssh2
May 31 07:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25252]: Received disconnect from 5.161.127.143 port 57468:11: Bye Bye [preauth]
May 31 07:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25252]: Disconnected from 5.161.127.143 port 57468 [preauth]
May 31 07:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25212]: Connection closed by 202.133.90.219 port 53640 [preauth]
May 31 07:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25300]: Invalid user master from 176.65.132.22
May 31 07:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25300]: input_userauth_request: invalid user master [preauth]
May 31 07:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25300]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25290]: Invalid user kasia from 67.207.84.8
May 31 07:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25290]: input_userauth_request: invalid user kasia [preauth]
May 31 07:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25290]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.207.84.8
May 31 07:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25300]: Failed password for invalid user master from 176.65.132.22 port 41506 ssh2
May 31 07:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25300]: Connection closed by 176.65.132.22 port 41506 [preauth]
May 31 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25290]: Failed password for invalid user kasia from 67.207.84.8 port 60110 ssh2
May 31 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23983]: pam_unix(cron:session): session closed for user root
May 31 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25290]: Connection closed by 67.207.84.8 port 60110 [preauth]
May 31 07:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25331]: Invalid user potok from 176.65.132.22
May 31 07:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25331]: input_userauth_request: invalid user potok [preauth]
May 31 07:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25331]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: Invalid user user1 from 80.94.95.116
May 31 07:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: input_userauth_request: invalid user user1 [preauth]
May 31 07:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May 31 07:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25331]: Failed password for invalid user potok from 176.65.132.22 port 36628 ssh2
May 31 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25333]: Invalid user ocean from 187.51.208.158
May 31 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25333]: input_userauth_request: invalid user ocean [preauth]
May 31 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25333]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.51.208.158
May 31 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25331]: Connection closed by 176.65.132.22 port 36628 [preauth]
May 31 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: Failed password for invalid user user1 from 80.94.95.116 port 32162 ssh2
May 31 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: Connection closed by 80.94.95.116 port 32162 [preauth]
May 31 07:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25333]: Failed password for invalid user ocean from 187.51.208.158 port 54687 ssh2
May 31 07:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25333]: Received disconnect from 187.51.208.158 port 54687:11: Bye Bye [preauth]
May 31 07:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25333]: Disconnected from 187.51.208.158 port 54687 [preauth]
May 31 07:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 07:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25346]: Invalid user vm from 176.65.132.22
May 31 07:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25346]: input_userauth_request: invalid user vm [preauth]
May 31 07:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25346]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: Failed password for root from 38.93.206.2 port 49506 ssh2
May 31 07:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: Connection closed by 38.93.206.2 port 49506 [preauth]
May 31 07:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25346]: Failed password for invalid user vm from 176.65.132.22 port 36634 ssh2
May 31 07:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25346]: Connection closed by 176.65.132.22 port 36634 [preauth]
May 31 07:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.213.228  user=root
May 31 07:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: Failed password for root from 192.227.213.228 port 45294 ssh2
May 31 07:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: Received disconnect from 192.227.213.228 port 45294:11: Bye Bye [preauth]
May 31 07:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: Disconnected from 192.227.213.228 port 45294 [preauth]
May 31 07:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25371]: Failed password for root from 176.65.132.22 port 35428 ssh2
May 31 07:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25371]: Connection closed by 176.65.132.22 port 35428 [preauth]
May 31 07:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
May 31 07:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: Invalid user ftpuser from 176.65.132.22
May 31 07:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: input_userauth_request: invalid user ftpuser [preauth]
May 31 07:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25373]: Failed password for root from 220.247.224.226 port 23751 ssh2
May 31 07:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25373]: Received disconnect from 220.247.224.226 port 23751:11: Bye Bye [preauth]
May 31 07:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25373]: Disconnected from 220.247.224.226 port 23751 [preauth]
May 31 07:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: Failed password for invalid user ftpuser from 176.65.132.22 port 53208 ssh2
May 31 07:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: Connection closed by 176.65.132.22 port 53208 [preauth]
May 31 07:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25395]: Invalid user deployer from 176.65.132.22
May 31 07:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25395]: input_userauth_request: invalid user deployer [preauth]
May 31 07:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25395]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25395]: Failed password for invalid user deployer from 176.65.132.22 port 53222 ssh2
May 31 07:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25395]: Connection closed by 176.65.132.22 port 53222 [preauth]
May 31 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25409]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25408]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25406]: pam_unix(cron:session): session closed for user p13x
May 31 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25466]: Successful su for rubyman by root
May 31 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25466]: + ??? root:rubyman
May 31 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427856 of user rubyman.
May 31 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25466]: pam_unix(su:session): session closed for user rubyman
May 31 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427856.
May 31 07:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: Invalid user deployer from 176.65.132.22
May 31 07:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: input_userauth_request: invalid user deployer [preauth]
May 31 07:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22648]: pam_unix(cron:session): session closed for user root
May 31 07:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: Failed password for invalid user deployer from 176.65.132.22 port 53362 ssh2
May 31 07:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25407]: pam_unix(cron:session): session closed for user samftp
May 31 07:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: Connection closed by 176.65.132.22 port 53362 [preauth]
May 31 07:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25651]: Invalid user labuser from 176.65.132.22
May 31 07:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25651]: input_userauth_request: invalid user labuser [preauth]
May 31 07:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25651]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25651]: Failed password for invalid user labuser from 176.65.132.22 port 53388 ssh2
May 31 07:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25651]: Connection closed by 176.65.132.22 port 53388 [preauth]
May 31 07:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25673]: Invalid user cloud-user from 176.65.132.22
May 31 07:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25673]: input_userauth_request: invalid user cloud-user [preauth]
May 31 07:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25673]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25673]: Failed password for invalid user cloud-user from 176.65.132.22 port 33290 ssh2
May 31 07:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25673]: Connection closed by 176.65.132.22 port 33290 [preauth]
May 31 07:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.197.250  user=root
May 31 07:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25690]: Invalid user devuser from 176.65.132.22
May 31 07:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25690]: input_userauth_request: invalid user devuser [preauth]
May 31 07:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25690]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25683]: Failed password for root from 147.45.197.250 port 48668 ssh2
May 31 07:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25683]: Connection closed by 147.45.197.250 port 48668 [preauth]
May 31 07:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25690]: Failed password for invalid user devuser from 176.65.132.22 port 35008 ssh2
May 31 07:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25690]: Connection closed by 176.65.132.22 port 35008 [preauth]
May 31 07:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: Invalid user fivem from 176.65.132.22
May 31 07:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: input_userauth_request: invalid user fivem [preauth]
May 31 07:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: Invalid user domingo from 213.209.159.56
May 31 07:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: input_userauth_request: invalid user domingo [preauth]
May 31 07:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 07:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25723]: Invalid user accounting from 191.5.31.61
May 31 07:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25723]: input_userauth_request: invalid user accounting [preauth]
May 31 07:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25723]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.5.31.61
May 31 07:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: Failed password for invalid user domingo from 213.209.159.56 port 56650 ssh2
May 31 07:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: Failed password for invalid user fivem from 176.65.132.22 port 35012 ssh2
May 31 07:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: Connection closed by 176.65.132.22 port 35012 [preauth]
May 31 07:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25723]: Failed password for invalid user accounting from 191.5.31.61 port 56778 ssh2
May 31 07:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25723]: Received disconnect from 191.5.31.61 port 56778:11: Bye Bye [preauth]
May 31 07:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25723]: Disconnected from 191.5.31.61 port 56778 [preauth]
May 31 07:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: Failed password for invalid user domingo from 213.209.159.56 port 56650 ssh2
May 31 07:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25733]: Invalid user jenkins from 176.65.132.22
May 31 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25733]: input_userauth_request: invalid user jenkins [preauth]
May 31 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25733]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: Failed password for invalid user domingo from 213.209.159.56 port 56650 ssh2
May 31 07:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24508]: pam_unix(cron:session): session closed for user root
May 31 07:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25733]: Failed password for invalid user jenkins from 176.65.132.22 port 59868 ssh2
May 31 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25733]: Connection closed by 176.65.132.22 port 59868 [preauth]
May 31 07:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: Failed password for invalid user domingo from 213.209.159.56 port 56650 ssh2
May 31 07:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: Failed password for invalid user domingo from 213.209.159.56 port 56650 ssh2
May 31 07:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: Received disconnect from 213.209.159.56 port 56650:11: Bye [preauth]
May 31 07:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: Disconnected from 213.209.159.56 port 56650 [preauth]
May 31 07:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 07:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 07:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25766]: Invalid user jenkins from 176.65.132.22
May 31 07:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25766]: input_userauth_request: invalid user jenkins [preauth]
May 31 07:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25766]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25766]: Failed password for invalid user jenkins from 176.65.132.22 port 59870 ssh2
May 31 07:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25766]: Connection closed by 176.65.132.22 port 59870 [preauth]
May 31 07:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: Failed password for root from 202.133.90.219 port 47716 ssh2
May 31 07:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: Connection closed by 202.133.90.219 port 47716 [preauth]
May 31 07:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.127.143  user=root
May 31 07:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: Invalid user nginx from 176.65.132.22
May 31 07:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: input_userauth_request: invalid user nginx [preauth]
May 31 07:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25793]: Failed password for root from 5.161.127.143 port 36360 ssh2
May 31 07:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25793]: Received disconnect from 5.161.127.143 port 36360:11: Bye Bye [preauth]
May 31 07:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25793]: Disconnected from 5.161.127.143 port 36360 [preauth]
May 31 07:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: Failed password for invalid user nginx from 176.65.132.22 port 48352 ssh2
May 31 07:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: Connection closed by 176.65.132.22 port 48352 [preauth]
May 31 07:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: Invalid user elasticsearch from 176.65.132.22
May 31 07:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: input_userauth_request: invalid user elasticsearch [preauth]
May 31 07:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: Failed password for invalid user elasticsearch from 176.65.132.22 port 38094 ssh2
May 31 07:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: Connection closed by 176.65.132.22 port 38094 [preauth]
May 31 07:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: Invalid user vpn from 176.65.132.22
May 31 07:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: input_userauth_request: invalid user vpn [preauth]
May 31 07:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: Failed password for invalid user vpn from 176.65.132.22 port 38110 ssh2
May 31 07:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: Connection closed by 176.65.132.22 port 38110 [preauth]
May 31 07:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25768]: Connection closed by 210.16.168.11 port 43914 [preauth]
May 31 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25831]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25832]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25829]: pam_unix(cron:session): session closed for user p13x
May 31 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25888]: Successful su for rubyman by root
May 31 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25888]: + ??? root:rubyman
May 31 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427860 of user rubyman.
May 31 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25888]: pam_unix(su:session): session closed for user rubyman
May 31 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427860.
May 31 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Invalid user stack from 176.65.132.22
May 31 07:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: input_userauth_request: invalid user stack [preauth]
May 31 07:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23054]: pam_unix(cron:session): session closed for user root
May 31 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25830]: pam_unix(cron:session): session closed for user samftp
May 31 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Failed password for invalid user stack from 176.65.132.22 port 50064 ssh2
May 31 07:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Connection closed by 176.65.132.22 port 50064 [preauth]
May 31 07:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Invalid user ai from 176.65.132.22
May 31 07:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: input_userauth_request: invalid user ai [preauth]
May 31 07:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Failed password for invalid user ai from 176.65.132.22 port 50078 ssh2
May 31 07:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Connection closed by 176.65.132.22 port 50078 [preauth]
May 31 07:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: Invalid user home from 176.65.132.22
May 31 07:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: input_userauth_request: invalid user home [preauth]
May 31 07:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: Failed password for invalid user home from 176.65.132.22 port 39804 ssh2
May 31 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: Connection closed by 176.65.132.22 port 39804 [preauth]
May 31 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.228.128.84  user=root
May 31 07:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Failed password for root from 193.228.128.84 port 52088 ssh2
May 31 07:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Connection closed by 193.228.128.84 port 52088 [preauth]
May 31 07:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26114]: Failed password for root from 176.65.132.22 port 39844 ssh2
May 31 07:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26114]: Connection closed by 176.65.132.22 port 39844 [preauth]
May 31 07:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.51.208.158  user=root
May 31 07:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: Invalid user webuser from 176.65.132.22
May 31 07:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: input_userauth_request: invalid user webuser [preauth]
May 31 07:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: Failed password for root from 187.51.208.158 port 41342 ssh2
May 31 07:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: Received disconnect from 187.51.208.158 port 41342:11: Bye Bye [preauth]
May 31 07:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: Disconnected from 187.51.208.158 port 41342 [preauth]
May 31 07:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: Failed password for invalid user webuser from 176.65.132.22 port 57790 ssh2
May 31 07:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: Connection closed by 176.65.132.22 port 57790 [preauth]
May 31 07:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
May 31 07:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: Failed password for root from 176.65.132.22 port 57798 ssh2
May 31 07:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: Failed password for root from 220.247.224.226 port 31273 ssh2
May 31 07:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: Connection closed by 176.65.132.22 port 57798 [preauth]
May 31 07:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: Received disconnect from 220.247.224.226 port 31273:11: Bye Bye [preauth]
May 31 07:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: Disconnected from 220.247.224.226 port 31273 [preauth]
May 31 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24969]: pam_unix(cron:session): session closed for user root
May 31 07:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: Invalid user maill from 192.227.213.228
May 31 07:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: input_userauth_request: invalid user maill [preauth]
May 31 07:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.213.228
May 31 07:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: Failed password for invalid user maill from 192.227.213.228 port 46632 ssh2
May 31 07:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26188]: Failed password for root from 176.65.132.22 port 42032 ssh2
May 31 07:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: Received disconnect from 192.227.213.228 port 46632:11: Bye Bye [preauth]
May 31 07:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: Disconnected from 192.227.213.228 port 46632 [preauth]
May 31 07:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26188]: Connection closed by 176.65.132.22 port 42032 [preauth]
May 31 07:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: Invalid user www from 176.65.132.22
May 31 07:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: input_userauth_request: invalid user www [preauth]
May 31 07:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: Failed password for invalid user www from 176.65.132.22 port 41034 ssh2
May 31 07:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: Connection closed by 176.65.132.22 port 41034 [preauth]
May 31 07:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: Failed password for root from 176.65.132.22 port 41036 ssh2
May 31 07:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: Connection closed by 176.65.132.22 port 41036 [preauth]
May 31 07:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: Invalid user bitrix from 176.65.132.22
May 31 07:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: input_userauth_request: invalid user bitrix [preauth]
May 31 07:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: Failed password for invalid user bitrix from 176.65.132.22 port 51936 ssh2
May 31 07:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: Connection closed by 176.65.132.22 port 51936 [preauth]
May 31 07:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: Invalid user admin1 from 176.65.132.22
May 31 07:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: input_userauth_request: invalid user admin1 [preauth]
May 31 07:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: Failed password for invalid user admin1 from 176.65.132.22 port 51942 ssh2
May 31 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: Connection closed by 176.65.132.22 port 51942 [preauth]
May 31 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26257]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26258]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26255]: pam_unix(cron:session): session closed for user p13x
May 31 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26319]: Successful su for rubyman by root
May 31 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26319]: + ??? root:rubyman
May 31 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427865 of user rubyman.
May 31 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26319]: pam_unix(su:session): session closed for user rubyman
May 31 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427865.
May 31 07:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23461]: pam_unix(cron:session): session closed for user root
May 31 07:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26256]: pam_unix(cron:session): session closed for user samftp
May 31 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26428]: Failed password for root from 176.65.132.22 port 43194 ssh2
May 31 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26428]: Connection closed by 176.65.132.22 port 43194 [preauth]
May 31 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: Invalid user data from 176.65.132.22
May 31 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: input_userauth_request: invalid user data [preauth]
May 31 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.127.143  user=root
May 31 07:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: Failed password for invalid user data from 176.65.132.22 port 43206 ssh2
May 31 07:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.108.118.91  user=root
May 31 07:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: Connection closed by 176.65.132.22 port 43206 [preauth]
May 31 07:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26505]: Failed password for root from 5.161.127.143 port 59280 ssh2
May 31 07:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26505]: Received disconnect from 5.161.127.143 port 59280:11: Bye Bye [preauth]
May 31 07:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26505]: Disconnected from 5.161.127.143 port 59280 [preauth]
May 31 07:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: Failed password for root from 89.108.118.91 port 56496 ssh2
May 31 07:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26498]: Failed password for root from 202.133.90.219 port 54598 ssh2
May 31 07:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: Connection closed by 89.108.118.91 port 56496 [preauth]
May 31 07:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26527]: Invalid user deploy from 176.65.132.22
May 31 07:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26527]: input_userauth_request: invalid user deploy [preauth]
May 31 07:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26498]: Connection closed by 202.133.90.219 port 54598 [preauth]
May 31 07:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26527]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26527]: Failed password for invalid user deploy from 176.65.132.22 port 41062 ssh2
May 31 07:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26527]: Connection closed by 176.65.132.22 port 41062 [preauth]
May 31 07:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: Invalid user deploy from 176.65.132.22
May 31 07:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: input_userauth_request: invalid user deploy [preauth]
May 31 07:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: Failed password for invalid user deploy from 176.65.132.22 port 41074 ssh2
May 31 07:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: Connection closed by 176.65.132.22 port 41074 [preauth]
May 31 07:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: Invalid user admin from 2.57.121.112
May 31 07:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: input_userauth_request: invalid user admin [preauth]
May 31 07:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 07:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: Failed password for invalid user admin from 2.57.121.112 port 14837 ssh2
May 31 07:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: Failed password for invalid user admin from 2.57.121.112 port 14837 ssh2
May 31 07:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: Failed password for root from 176.65.132.22 port 37118 ssh2
May 31 07:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: Connection closed by 176.65.132.22 port 37118 [preauth]
May 31 07:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: Failed password for invalid user admin from 2.57.121.112 port 14837 ssh2
May 31 07:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: Invalid user support from 176.65.132.22
May 31 07:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: input_userauth_request: invalid user support [preauth]
May 31 07:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: Failed password for invalid user admin from 2.57.121.112 port 14837 ssh2
May 31 07:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25409]: pam_unix(cron:session): session closed for user root
May 31 07:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: Failed password for invalid user support from 176.65.132.22 port 35822 ssh2
May 31 07:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: Connection closed by 176.65.132.22 port 35822 [preauth]
May 31 07:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: Failed password for invalid user admin from 2.57.121.112 port 14837 ssh2
May 31 07:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: Received disconnect from 2.57.121.112 port 14837:11: Bye [preauth]
May 31 07:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: Disconnected from 2.57.121.112 port 14837 [preauth]
May 31 07:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 07:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 07:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Invalid user kafka from 176.65.132.22
May 31 07:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: input_userauth_request: invalid user kafka [preauth]
May 31 07:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Failed password for invalid user kafka from 176.65.132.22 port 35828 ssh2
May 31 07:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Connection closed by 176.65.132.22 port 35828 [preauth]
May 31 07:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26623]: Failed password for root from 176.65.132.22 port 49600 ssh2
May 31 07:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26623]: Connection closed by 176.65.132.22 port 49600 [preauth]
May 31 07:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26647]: Failed password for root from 176.65.132.22 port 49614 ssh2
May 31 07:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26647]: Connection closed by 176.65.132.22 port 49614 [preauth]
May 31 07:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: Invalid user username from 176.65.132.22
May 31 07:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: input_userauth_request: invalid user username [preauth]
May 31 07:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: Failed password for invalid user username from 176.65.132.22 port 47238 ssh2
May 31 07:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: Connection closed by 176.65.132.22 port 47238 [preauth]
May 31 07:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: Invalid user deploy from 176.65.132.22
May 31 07:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: input_userauth_request: invalid user deploy [preauth]
May 31 07:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26766]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26768]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26769]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26767]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26765]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26764]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26769]: pam_unix(cron:session): session closed for user root
May 31 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26764]: pam_unix(cron:session): session closed for user p13x
May 31 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: Failed password for invalid user deploy from 176.65.132.22 port 47248 ssh2
May 31 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: Connection closed by 176.65.132.22 port 47248 [preauth]
May 31 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26830]: Successful su for rubyman by root
May 31 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26830]: + ??? root:rubyman
May 31 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427870 of user rubyman.
May 31 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26830]: pam_unix(su:session): session closed for user rubyman
May 31 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427870.
May 31 07:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26766]: pam_unix(cron:session): session closed for user root
May 31 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23982]: pam_unix(cron:session): session closed for user root
May 31 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: Invalid user odoo14 from 176.65.132.22
May 31 07:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: input_userauth_request: invalid user odoo14 [preauth]
May 31 07:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
May 31 07:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26765]: pam_unix(cron:session): session closed for user samftp
May 31 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: Failed password for root from 220.247.224.226 port 44182 ssh2
May 31 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: Failed password for invalid user odoo14 from 176.65.132.22 port 49992 ssh2
May 31 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: Connection closed by 176.65.132.22 port 49992 [preauth]
May 31 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: Received disconnect from 220.247.224.226 port 44182:11: Bye Bye [preauth]
May 31 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: Disconnected from 220.247.224.226 port 44182 [preauth]
May 31 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27047]: User ftp from 176.65.132.22 not allowed because not listed in AllowUsers
May 31 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27047]: input_userauth_request: invalid user ftp [preauth]
May 31 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=ftp
May 31 07:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27047]: Failed password for invalid user ftp from 176.65.132.22 port 50006 ssh2
May 31 07:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27047]: Connection closed by 176.65.132.22 port 50006 [preauth]
May 31 07:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: Invalid user gitlab-runner from 176.65.132.22
May 31 07:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: input_userauth_request: invalid user gitlab-runner [preauth]
May 31 07:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27073]: Invalid user dummy from 187.51.208.158
May 31 07:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27073]: input_userauth_request: invalid user dummy [preauth]
May 31 07:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27073]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.51.208.158
May 31 07:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: Failed password for invalid user gitlab-runner from 176.65.132.22 port 47676 ssh2
May 31 07:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: Connection closed by 176.65.132.22 port 47676 [preauth]
May 31 07:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27073]: Failed password for invalid user dummy from 187.51.208.158 port 56234 ssh2
May 31 07:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27073]: Received disconnect from 187.51.208.158 port 56234:11: Bye Bye [preauth]
May 31 07:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27073]: Disconnected from 187.51.208.158 port 56234 [preauth]
May 31 07:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: Invalid user minecraft from 176.65.132.22
May 31 07:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: input_userauth_request: invalid user minecraft [preauth]
May 31 07:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: Failed password for invalid user minecraft from 176.65.132.22 port 45870 ssh2
May 31 07:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: Connection closed by 176.65.132.22 port 45870 [preauth]
May 31 07:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27108]: Failed password for root from 176.65.132.22 port 45872 ssh2
May 31 07:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27108]: Connection closed by 176.65.132.22 port 45872 [preauth]
May 31 07:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25832]: pam_unix(cron:session): session closed for user root
May 31 07:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: Received disconnect from 185.106.103.134 port 52168:11: disconnected by user [preauth]
May 31 07:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: Disconnected from 185.106.103.134 port 52168 [preauth]
May 31 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: Invalid user calvin from 176.65.132.22
May 31 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: input_userauth_request: invalid user calvin [preauth]
May 31 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: Failed password for invalid user calvin from 176.65.132.22 port 52872 ssh2
May 31 07:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: Connection closed by 176.65.132.22 port 52872 [preauth]
May 31 07:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27152]: Invalid user ubuntu from 176.65.132.22
May 31 07:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27152]: input_userauth_request: invalid user ubuntu [preauth]
May 31 07:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27152]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.127.143  user=root
May 31 07:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: Invalid user mdepaula from 192.227.213.228
May 31 07:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: input_userauth_request: invalid user mdepaula [preauth]
May 31 07:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.213.228
May 31 07:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27152]: Failed password for invalid user ubuntu from 176.65.132.22 port 52886 ssh2
May 31 07:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27152]: Connection closed by 176.65.132.22 port 52886 [preauth]
May 31 07:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: Failed password for root from 5.161.127.143 port 37326 ssh2
May 31 07:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: Received disconnect from 5.161.127.143 port 37326:11: Bye Bye [preauth]
May 31 07:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: Disconnected from 5.161.127.143 port 37326 [preauth]
May 31 07:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: Failed password for invalid user mdepaula from 192.227.213.228 port 47970 ssh2
May 31 07:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: Received disconnect from 192.227.213.228 port 47970:11: Bye Bye [preauth]
May 31 07:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: Disconnected from 192.227.213.228 port 47970 [preauth]
May 31 07:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27186]: Failed password for root from 176.65.132.22 port 40676 ssh2
May 31 07:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27186]: Connection closed by 176.65.132.22 port 40676 [preauth]
May 31 07:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: Invalid user deployer from 176.65.132.22
May 31 07:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: input_userauth_request: invalid user deployer [preauth]
May 31 07:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27167]: Failed password for root from 202.133.90.219 port 58318 ssh2
May 31 07:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: Failed password for invalid user deployer from 176.65.132.22 port 42974 ssh2
May 31 07:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: Connection closed by 176.65.132.22 port 42974 [preauth]
May 31 07:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27167]: Connection closed by 202.133.90.219 port 58318 [preauth]
May 31 07:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27218]: Invalid user deployer from 176.65.132.22
May 31 07:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27218]: input_userauth_request: invalid user deployer [preauth]
May 31 07:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27218]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27218]: Failed password for invalid user deployer from 176.65.132.22 port 42982 ssh2
May 31 07:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27218]: Connection closed by 176.65.132.22 port 42982 [preauth]
May 31 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27223]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27224]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27221]: pam_unix(cron:session): session closed for user p13x
May 31 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27311]: Successful su for rubyman by root
May 31 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27311]: + ??? root:rubyman
May 31 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427874 of user rubyman.
May 31 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27311]: pam_unix(su:session): session closed for user rubyman
May 31 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427874.
May 31 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27351]: Invalid user root1 from 176.65.132.22
May 31 07:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27351]: input_userauth_request: invalid user root1 [preauth]
May 31 07:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27351]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24507]: pam_unix(cron:session): session closed for user root
May 31 07:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27222]: pam_unix(cron:session): session closed for user samftp
May 31 07:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27351]: Failed password for invalid user root1 from 176.65.132.22 port 34306 ssh2
May 31 07:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27351]: Connection closed by 176.65.132.22 port 34306 [preauth]
May 31 07:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27499]: Invalid user lucas from 176.65.132.22
May 31 07:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27499]: input_userauth_request: invalid user lucas [preauth]
May 31 07:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27499]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27499]: Failed password for invalid user lucas from 176.65.132.22 port 34318 ssh2
May 31 07:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27499]: Connection closed by 176.65.132.22 port 34318 [preauth]
May 31 07:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: Invalid user home from 172.174.17.234
May 31 07:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: input_userauth_request: invalid user home [preauth]
May 31 07:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.17.234
May 31 07:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: Failed password for invalid user home from 172.174.17.234 port 37478 ssh2
May 31 07:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: Received disconnect from 172.174.17.234 port 37478:11: Bye Bye [preauth]
May 31 07:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: Disconnected from 172.174.17.234 port 37478 [preauth]
May 31 07:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27530]: Invalid user deploy from 176.65.132.22
May 31 07:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27530]: input_userauth_request: invalid user deploy [preauth]
May 31 07:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27530]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27530]: Failed password for invalid user deploy from 176.65.132.22 port 51890 ssh2
May 31 07:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27530]: Connection closed by 176.65.132.22 port 51890 [preauth]
May 31 07:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: Invalid user clawdbot from 176.65.132.22
May 31 07:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: input_userauth_request: invalid user clawdbot [preauth]
May 31 07:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: Failed password for invalid user clawdbot from 176.65.132.22 port 51916 ssh2
May 31 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: Connection closed by 176.65.132.22 port 51916 [preauth]
May 31 07:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: Invalid user ubuntu from 176.65.132.22
May 31 07:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: input_userauth_request: invalid user ubuntu [preauth]
May 31 07:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: Failed password for invalid user ubuntu from 176.65.132.22 port 49224 ssh2
May 31 07:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: Connection closed by 176.65.132.22 port 49224 [preauth]
May 31 07:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27579]: Invalid user git from 176.65.132.22
May 31 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27579]: input_userauth_request: invalid user git [preauth]
May 31 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27579]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26258]: pam_unix(cron:session): session closed for user root
May 31 07:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27579]: Failed password for invalid user git from 176.65.132.22 port 49874 ssh2
May 31 07:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27579]: Connection closed by 176.65.132.22 port 49874 [preauth]
May 31 07:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27610]: Invalid user customer from 220.247.224.226
May 31 07:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27610]: input_userauth_request: invalid user customer [preauth]
May 31 07:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27610]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
May 31 07:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27610]: Failed password for invalid user customer from 220.247.224.226 port 11715 ssh2
May 31 07:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27610]: Received disconnect from 220.247.224.226 port 11715:11: Bye Bye [preauth]
May 31 07:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27610]: Disconnected from 220.247.224.226 port 11715 [preauth]
May 31 07:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27612]: Invalid user erpnext from 176.65.132.22
May 31 07:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27612]: input_userauth_request: invalid user erpnext [preauth]
May 31 07:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27612]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27612]: Failed password for invalid user erpnext from 176.65.132.22 port 49882 ssh2
May 31 07:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27612]: Connection closed by 176.65.132.22 port 49882 [preauth]
May 31 07:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: Invalid user tomcat from 176.65.132.22
May 31 07:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: input_userauth_request: invalid user tomcat [preauth]
May 31 07:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: Failed password for invalid user tomcat from 176.65.132.22 port 41390 ssh2
May 31 07:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: Connection closed by 176.65.132.22 port 41390 [preauth]
May 31 07:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27654]: Invalid user admin from 176.65.132.22
May 31 07:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27654]: input_userauth_request: invalid user admin [preauth]
May 31 07:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27654]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27654]: Failed password for invalid user admin from 176.65.132.22 port 41392 ssh2
May 31 07:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27654]: Connection closed by 176.65.132.22 port 41392 [preauth]
May 31 07:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Invalid user test from 176.65.132.22
May 31 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: input_userauth_request: invalid user test [preauth]
May 31 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Failed password for invalid user test from 176.65.132.22 port 48760 ssh2
May 31 07:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Connection closed by 176.65.132.22 port 48760 [preauth]
May 31 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27679]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27678]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27674]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27674]: pam_unix(cron:session): session closed for user root
May 31 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27676]: pam_unix(cron:session): session closed for user p13x
May 31 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27745]: Successful su for rubyman by root
May 31 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27745]: + ??? root:rubyman
May 31 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427878 of user rubyman.
May 31 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27745]: pam_unix(su:session): session closed for user rubyman
May 31 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427878.
May 31 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27769]: Invalid user crafty from 176.65.132.22
May 31 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27769]: input_userauth_request: invalid user crafty [preauth]
May 31 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27769]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27769]: Failed password for invalid user crafty from 176.65.132.22 port 50908 ssh2
May 31 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24968]: pam_unix(cron:session): session closed for user root
May 31 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27769]: Connection closed by 176.65.132.22 port 50908 [preauth]
May 31 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.127.143  user=root
May 31 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27677]: pam_unix(cron:session): session closed for user samftp
May 31 07:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Failed password for root from 5.161.127.143 port 38804 ssh2
May 31 07:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Received disconnect from 5.161.127.143 port 38804:11: Bye Bye [preauth]
May 31 07:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Disconnected from 5.161.127.143 port 38804 [preauth]
May 31 07:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27940]: Invalid user ubuntu from 176.65.132.22
May 31 07:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27940]: input_userauth_request: invalid user ubuntu [preauth]
May 31 07:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27940]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: Invalid user cody from 187.51.208.158
May 31 07:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: input_userauth_request: invalid user cody [preauth]
May 31 07:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.51.208.158
May 31 07:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27940]: Failed password for invalid user ubuntu from 176.65.132.22 port 50914 ssh2
May 31 07:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27940]: Connection closed by 176.65.132.22 port 50914 [preauth]
May 31 07:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: Failed password for invalid user cody from 187.51.208.158 port 42893 ssh2
May 31 07:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: Received disconnect from 187.51.208.158 port 42893:11: Bye Bye [preauth]
May 31 07:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: Disconnected from 187.51.208.158 port 42893 [preauth]
May 31 07:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: Invalid user ubuntu from 176.65.132.22
May 31 07:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: input_userauth_request: invalid user ubuntu [preauth]
May 31 07:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: Failed password for invalid user ubuntu from 176.65.132.22 port 41968 ssh2
May 31 07:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: Connection closed by 176.65.132.22 port 41968 [preauth]
May 31 07:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: Invalid user hamed from 176.65.132.22
May 31 07:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: input_userauth_request: invalid user hamed [preauth]
May 31 07:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: Failed password for invalid user hamed from 176.65.132.22 port 41974 ssh2
May 31 07:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: Connection closed by 176.65.132.22 port 41974 [preauth]
May 31 07:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: Failed password for root from 202.133.90.219 port 38184 ssh2
May 31 07:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: Connection closed by 202.133.90.219 port 38184 [preauth]
May 31 07:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: Invalid user jay from 176.65.132.22
May 31 07:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: input_userauth_request: invalid user jay [preauth]
May 31 07:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: Failed password for invalid user jay from 176.65.132.22 port 40266 ssh2
May 31 07:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: Connection closed by 176.65.132.22 port 40266 [preauth]
May 31 07:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: Invalid user user1 from 176.65.132.22
May 31 07:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: input_userauth_request: invalid user user1 [preauth]
May 31 07:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: Failed password for invalid user user1 from 176.65.132.22 port 40280 ssh2
May 31 07:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: Connection closed by 176.65.132.22 port 40280 [preauth]
May 31 07:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26768]: pam_unix(cron:session): session closed for user root
May 31 07:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28053]: Invalid user root1 from 176.65.132.22
May 31 07:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28053]: input_userauth_request: invalid user root1 [preauth]
May 31 07:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28053]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28053]: Failed password for invalid user root1 from 176.65.132.22 port 60424 ssh2
May 31 07:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28053]: Connection closed by 176.65.132.22 port 60424 [preauth]
May 31 07:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.213.228  user=root
May 31 07:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: Invalid user admin from 176.65.132.22
May 31 07:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: input_userauth_request: invalid user admin [preauth]
May 31 07:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28110]: Failed password for root from 192.227.213.228 port 49306 ssh2
May 31 07:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28110]: Received disconnect from 192.227.213.228 port 49306:11: Bye Bye [preauth]
May 31 07:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28110]: Disconnected from 192.227.213.228 port 49306 [preauth]
May 31 07:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: Failed password for invalid user admin from 176.65.132.22 port 60442 ssh2
May 31 07:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: Connection closed by 176.65.132.22 port 60442 [preauth]
May 31 07:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28140]: Invalid user bot from 176.65.132.22
May 31 07:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28140]: input_userauth_request: invalid user bot [preauth]
May 31 07:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28140]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28140]: Failed password for invalid user bot from 176.65.132.22 port 47558 ssh2
May 31 07:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28140]: Connection closed by 176.65.132.22 port 47558 [preauth]
May 31 07:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: Invalid user bot from 176.65.132.22
May 31 07:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: input_userauth_request: invalid user bot [preauth]
May 31 07:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: Failed password for invalid user bot from 176.65.132.22 port 40070 ssh2
May 31 07:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: Connection closed by 176.65.132.22 port 40070 [preauth]
May 31 07:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28170]: Invalid user postgres from 176.65.132.22
May 31 07:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28170]: input_userauth_request: invalid user postgres [preauth]
May 31 07:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28170]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28170]: Failed password for invalid user postgres from 176.65.132.22 port 40080 ssh2
May 31 07:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28170]: Connection closed by 176.65.132.22 port 40080 [preauth]
May 31 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28177]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28178]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28179]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28176]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28176]: pam_unix(cron:session): session closed for user p13x
May 31 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28236]: Successful su for rubyman by root
May 31 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28236]: + ??? root:rubyman
May 31 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28236]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427883 of user rubyman.
May 31 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28236]: pam_unix(su:session): session closed for user rubyman
May 31 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427883.
May 31 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28336]: Invalid user postgres from 176.65.132.22
May 31 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28336]: input_userauth_request: invalid user postgres [preauth]
May 31 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25408]: pam_unix(cron:session): session closed for user root
May 31 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28336]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28177]: pam_unix(cron:session): session closed for user samftp
May 31 07:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28336]: Failed password for invalid user postgres from 176.65.132.22 port 52478 ssh2
May 31 07:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28336]: Connection closed by 176.65.132.22 port 52478 [preauth]
May 31 07:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: Invalid user internet from 220.247.224.226
May 31 07:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: input_userauth_request: invalid user internet [preauth]
May 31 07:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
May 31 07:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28421]: Invalid user martin from 176.65.132.22
May 31 07:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28421]: input_userauth_request: invalid user martin [preauth]
May 31 07:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28421]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: Failed password for invalid user internet from 220.247.224.226 port 9772 ssh2
May 31 07:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: Received disconnect from 220.247.224.226 port 9772:11: Bye Bye [preauth]
May 31 07:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: Disconnected from 220.247.224.226 port 9772 [preauth]
May 31 07:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28421]: Failed password for invalid user martin from 176.65.132.22 port 52498 ssh2
May 31 07:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28421]: Connection closed by 176.65.132.22 port 52498 [preauth]
May 31 07:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Invalid user admin from 176.65.132.22
May 31 07:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: input_userauth_request: invalid user admin [preauth]
May 31 07:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Failed password for invalid user admin from 176.65.132.22 port 55038 ssh2
May 31 07:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Connection closed by 176.65.132.22 port 55038 [preauth]
May 31 07:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: Invalid user admin from 176.65.132.22
May 31 07:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: input_userauth_request: invalid user admin [preauth]
May 31 07:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: Failed password for invalid user admin from 176.65.132.22 port 53750 ssh2
May 31 07:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: Connection closed by 176.65.132.22 port 53750 [preauth]
May 31 07:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28481]: Invalid user claude from 176.65.132.22
May 31 07:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28481]: input_userauth_request: invalid user claude [preauth]
May 31 07:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28481]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28481]: Failed password for invalid user claude from 176.65.132.22 port 53764 ssh2
May 31 07:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
May 31 07:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28481]: Connection closed by 176.65.132.22 port 53764 [preauth]
May 31 07:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28483]: Failed password for root from 37.233.85.71 port 55012 ssh2
May 31 07:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28483]: Connection closed by 37.233.85.71 port 55012 [preauth]
May 31 07:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28495]: Invalid user ftpuser from 176.65.132.22
May 31 07:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28495]: input_userauth_request: invalid user ftpuser [preauth]
May 31 07:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28495]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27224]: pam_unix(cron:session): session closed for user root
May 31 07:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28495]: Failed password for invalid user ftpuser from 176.65.132.22 port 32980 ssh2
May 31 07:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28495]: Connection closed by 176.65.132.22 port 32980 [preauth]
May 31 07:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28535]: Failed password for root from 176.65.132.22 port 32990 ssh2
May 31 07:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28535]: Connection closed by 176.65.132.22 port 32990 [preauth]
May 31 07:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28553]: Invalid user runner from 176.65.132.22
May 31 07:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28553]: input_userauth_request: invalid user runner [preauth]
May 31 07:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28553]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28553]: Failed password for invalid user runner from 176.65.132.22 port 52120 ssh2
May 31 07:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28534]: Failed password for root from 202.133.90.219 port 50908 ssh2
May 31 07:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28553]: Connection closed by 176.65.132.22 port 52120 [preauth]
May 31 07:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28534]: Connection closed by 202.133.90.219 port 50908 [preauth]
May 31 07:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: Invalid user root1 from 176.65.132.22
May 31 07:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: input_userauth_request: invalid user root1 [preauth]
May 31 07:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: Failed password for invalid user root1 from 176.65.132.22 port 52124 ssh2
May 31 07:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: Connection closed by 176.65.132.22 port 52124 [preauth]
May 31 07:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: Invalid user fred from 176.65.132.22
May 31 07:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: input_userauth_request: invalid user fred [preauth]
May 31 07:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: Failed password for invalid user fred from 176.65.132.22 port 57500 ssh2
May 31 07:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: Connection closed by 176.65.132.22 port 57500 [preauth]
May 31 07:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28695]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28696]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28693]: pam_unix(cron:session): session closed for user p13x
May 31 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28759]: Successful su for rubyman by root
May 31 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28759]: + ??? root:rubyman
May 31 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427887 of user rubyman.
May 31 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28759]: pam_unix(su:session): session closed for user rubyman
May 31 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427887.
May 31 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: Invalid user jagdish from 187.51.208.158
May 31 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: input_userauth_request: invalid user jagdish [preauth]
May 31 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.51.208.158
May 31 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28677]: Failed password for root from 176.65.132.22 port 57514 ssh2
May 31 07:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28677]: Connection closed by 176.65.132.22 port 57514 [preauth]
May 31 07:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25831]: pam_unix(cron:session): session closed for user root
May 31 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: Failed password for invalid user jagdish from 187.51.208.158 port 57781 ssh2
May 31 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: Received disconnect from 187.51.208.158 port 57781:11: Bye Bye [preauth]
May 31 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: Disconnected from 187.51.208.158 port 57781 [preauth]
May 31 07:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28694]: pam_unix(cron:session): session closed for user samftp
May 31 07:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: Invalid user hadoop from 176.65.132.22
May 31 07:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: input_userauth_request: invalid user hadoop [preauth]
May 31 07:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: Failed password for invalid user hadoop from 176.65.132.22 port 36518 ssh2
May 31 07:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: Connection closed by 176.65.132.22 port 36518 [preauth]
May 31 07:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: Invalid user conference from 67.207.84.8
May 31 07:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: input_userauth_request: invalid user conference [preauth]
May 31 07:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.207.84.8
May 31 07:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: Invalid user pi from 176.65.132.22
May 31 07:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: input_userauth_request: invalid user pi [preauth]
May 31 07:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: Failed password for invalid user conference from 67.207.84.8 port 34152 ssh2
May 31 07:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: Connection closed by 67.207.84.8 port 34152 [preauth]
May 31 07:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: Failed password for invalid user pi from 176.65.132.22 port 55674 ssh2
May 31 07:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: Connection closed by 176.65.132.22 port 55674 [preauth]
May 31 07:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: Invalid user pi from 176.65.132.22
May 31 07:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: input_userauth_request: invalid user pi [preauth]
May 31 07:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: Failed password for invalid user pi from 176.65.132.22 port 55676 ssh2
May 31 07:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: Connection closed by 176.65.132.22 port 55676 [preauth]
May 31 07:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28978]: Invalid user worker from 176.65.132.22
May 31 07:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28978]: input_userauth_request: invalid user worker [preauth]
May 31 07:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28978]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28978]: Failed password for invalid user worker from 176.65.132.22 port 60816 ssh2
May 31 07:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28978]: Connection closed by 176.65.132.22 port 60816 [preauth]
May 31 07:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: Failed password for root from 176.65.132.22 port 60822 ssh2
May 31 07:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: Connection closed by 176.65.132.22 port 60822 [preauth]
May 31 07:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27679]: pam_unix(cron:session): session closed for user root
May 31 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29029]: Invalid user minecraft from 192.227.213.228
May 31 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29029]: input_userauth_request: invalid user minecraft [preauth]
May 31 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29029]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.213.228
May 31 07:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: User john from 176.65.132.22 not allowed because not listed in AllowUsers
May 31 07:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: input_userauth_request: invalid user john [preauth]
May 31 07:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=john
May 31 07:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29029]: Failed password for invalid user minecraft from 192.227.213.228 port 50634 ssh2
May 31 07:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29029]: Received disconnect from 192.227.213.228 port 50634:11: Bye Bye [preauth]
May 31 07:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29029]: Disconnected from 192.227.213.228 port 50634 [preauth]
May 31 07:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: Failed password for invalid user john from 176.65.132.22 port 59502 ssh2
May 31 07:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: Connection closed by 176.65.132.22 port 59502 [preauth]
May 31 07:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29054]: Invalid user sftpuser from 176.65.132.22
May 31 07:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29054]: input_userauth_request: invalid user sftpuser [preauth]
May 31 07:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29054]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29054]: Failed password for invalid user sftpuser from 176.65.132.22 port 59534 ssh2
May 31 07:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29054]: Connection closed by 176.65.132.22 port 59534 [preauth]
May 31 07:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
May 31 07:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: Failed password for root from 220.247.224.226 port 44696 ssh2
May 31 07:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: Received disconnect from 220.247.224.226 port 44696:11: Bye Bye [preauth]
May 31 07:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: Disconnected from 220.247.224.226 port 44696 [preauth]
May 31 07:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29081]: Failed password for root from 176.65.132.22 port 33728 ssh2
May 31 07:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29081]: Connection closed by 176.65.132.22 port 33728 [preauth]
May 31 07:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: Invalid user odoo16 from 176.65.132.22
May 31 07:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: input_userauth_request: invalid user odoo16 [preauth]
May 31 07:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: Failed password for invalid user odoo16 from 176.65.132.22 port 42934 ssh2
May 31 07:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: Connection closed by 176.65.132.22 port 42934 [preauth]
May 31 07:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29104]: Invalid user debian from 176.65.132.22
May 31 07:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29104]: input_userauth_request: invalid user debian [preauth]
May 31 07:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29104]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29104]: Failed password for invalid user debian from 176.65.132.22 port 42942 ssh2
May 31 07:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29104]: Connection closed by 176.65.132.22 port 42942 [preauth]
May 31 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29122]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29119]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29121]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29118]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29115]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29122]: pam_unix(cron:session): session closed for user root
May 31 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29115]: pam_unix(cron:session): session closed for user p13x
May 31 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29188]: Successful su for rubyman by root
May 31 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29188]: + ??? root:rubyman
May 31 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427893 of user rubyman.
May 31 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29188]: pam_unix(su:session): session closed for user rubyman
May 31 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427893.
May 31 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: Invalid user app from 176.65.132.22
May 31 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: input_userauth_request: invalid user app [preauth]
May 31 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29118]: pam_unix(cron:session): session closed for user root
May 31 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26257]: pam_unix(cron:session): session closed for user root
May 31 07:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: Failed password for invalid user app from 176.65.132.22 port 49546 ssh2
May 31 07:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: Connection closed by 176.65.132.22 port 49546 [preauth]
May 31 07:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29117]: pam_unix(cron:session): session closed for user samftp
May 31 07:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29411]: Invalid user claude from 176.65.132.22
May 31 07:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29411]: input_userauth_request: invalid user claude [preauth]
May 31 07:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29411]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29411]: Failed password for invalid user claude from 176.65.132.22 port 49558 ssh2
May 31 07:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29411]: Connection closed by 176.65.132.22 port 49558 [preauth]
May 31 07:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29395]: Failed password for root from 202.133.90.219 port 36890 ssh2
May 31 07:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29434]: Invalid user admin from 176.65.132.22
May 31 07:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29434]: input_userauth_request: invalid user admin [preauth]
May 31 07:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29434]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29395]: Connection closed by 202.133.90.219 port 36890 [preauth]
May 31 07:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29434]: Failed password for invalid user admin from 176.65.132.22 port 55300 ssh2
May 31 07:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29434]: Connection closed by 176.65.132.22 port 55300 [preauth]
May 31 07:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: Invalid user devops from 176.65.132.22
May 31 07:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: input_userauth_request: invalid user devops [preauth]
May 31 07:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: Failed password for invalid user devops from 176.65.132.22 port 55310 ssh2
May 31 07:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: Connection closed by 176.65.132.22 port 55310 [preauth]
May 31 07:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29483]: Invalid user administrator from 176.65.132.22
May 31 07:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29483]: input_userauth_request: invalid user administrator [preauth]
May 31 07:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29483]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29483]: Failed password for invalid user administrator from 176.65.132.22 port 42884 ssh2
May 31 07:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29483]: Connection closed by 176.65.132.22 port 42884 [preauth]
May 31 07:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28179]: pam_unix(cron:session): session closed for user root
May 31 07:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29497]: Failed password for root from 176.65.132.22 port 51228 ssh2
May 31 07:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29497]: Connection closed by 176.65.132.22 port 51228 [preauth]
May 31 07:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Invalid user mohammad from 176.65.132.22
May 31 07:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: input_userauth_request: invalid user mohammad [preauth]
May 31 07:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Failed password for invalid user mohammad from 176.65.132.22 port 51234 ssh2
May 31 07:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Connection closed by 176.65.132.22 port 51234 [preauth]
May 31 07:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Invalid user ec2-user from 176.65.132.22
May 31 07:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: input_userauth_request: invalid user ec2-user [preauth]
May 31 07:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Failed password for invalid user ec2-user from 176.65.132.22 port 57276 ssh2
May 31 07:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Connection closed by 176.65.132.22 port 57276 [preauth]
May 31 07:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: Invalid user deposito from 187.51.208.158
May 31 07:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: input_userauth_request: invalid user deposito [preauth]
May 31 07:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.51.208.158
May 31 07:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: Invalid user core from 176.65.132.22
May 31 07:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: input_userauth_request: invalid user core [preauth]
May 31 07:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: Failed password for invalid user deposito from 187.51.208.158 port 44436 ssh2
May 31 07:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: Failed password for invalid user core from 176.65.132.22 port 57280 ssh2
May 31 07:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: Received disconnect from 187.51.208.158 port 44436:11: Bye Bye [preauth]
May 31 07:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: Disconnected from 187.51.208.158 port 44436 [preauth]
May 31 07:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: Connection closed by 176.65.132.22 port 57280 [preauth]
May 31 07:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29663]: Invalid user drcomadmin from 176.65.132.22
May 31 07:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29663]: input_userauth_request: invalid user drcomadmin [preauth]
May 31 07:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29663]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29663]: Failed password for invalid user drcomadmin from 176.65.132.22 port 56018 ssh2
May 31 07:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29663]: Connection closed by 176.65.132.22 port 56018 [preauth]
May 31 07:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: Invalid user developer from 176.65.132.22
May 31 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: input_userauth_request: invalid user developer [preauth]
May 31 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29682]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29684]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29680]: pam_unix(cron:session): session closed for user p13x
May 31 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29777]: Successful su for rubyman by root
May 31 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29777]: + ??? root:rubyman
May 31 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29777]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427897 of user rubyman.
May 31 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29777]: pam_unix(su:session): session closed for user rubyman
May 31 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427897.
May 31 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: Failed password for invalid user developer from 176.65.132.22 port 49206 ssh2
May 31 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: Connection closed by 176.65.132.22 port 49206 [preauth]
May 31 07:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.213.13  user=root
May 31 07:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26767]: pam_unix(cron:session): session closed for user root
May 31 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29869]: Failed password for root from 37.120.213.13 port 51920 ssh2
May 31 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29681]: pam_unix(cron:session): session closed for user samftp
May 31 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29869]: Connection closed by 37.120.213.13 port 51920 [preauth]
May 31 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: Invalid user ranga from 176.65.132.22
May 31 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: input_userauth_request: invalid user ranga [preauth]
May 31 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: Failed password for invalid user ranga from 176.65.132.22 port 49212 ssh2
May 31 07:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: Connection closed by 176.65.132.22 port 49212 [preauth]
May 31 07:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: Invalid user hadoop from 176.65.132.22
May 31 07:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: input_userauth_request: invalid user hadoop [preauth]
May 31 07:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: Invalid user alice from 191.5.31.61
May 31 07:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: input_userauth_request: invalid user alice [preauth]
May 31 07:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.5.31.61
May 31 07:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: Failed password for invalid user alice from 191.5.31.61 port 54136 ssh2
May 31 07:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: Failed password for invalid user hadoop from 176.65.132.22 port 36296 ssh2
May 31 07:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: Received disconnect from 191.5.31.61 port 54136:11: Bye Bye [preauth]
May 31 07:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: Disconnected from 191.5.31.61 port 54136 [preauth]
May 31 07:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: Connection closed by 176.65.132.22 port 36296 [preauth]
May 31 07:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.17.234  user=root
May 31 07:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: Failed password for root from 172.174.17.234 port 46090 ssh2
May 31 07:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: Received disconnect from 172.174.17.234 port 46090:11: Bye Bye [preauth]
May 31 07:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: Disconnected from 172.174.17.234 port 46090 [preauth]
May 31 07:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30009]: Invalid user rocky from 176.65.132.22
May 31 07:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30009]: input_userauth_request: invalid user rocky [preauth]
May 31 07:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30009]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30009]: Failed password for invalid user rocky from 176.65.132.22 port 36312 ssh2
May 31 07:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30009]: Connection closed by 176.65.132.22 port 36312 [preauth]
May 31 07:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: Invalid user milan from 220.247.224.226
May 31 07:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: input_userauth_request: invalid user milan [preauth]
May 31 07:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
May 31 07:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
May 31 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: Failed password for invalid user milan from 220.247.224.226 port 40328 ssh2
May 31 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: Invalid user oscar from 176.65.132.22
May 31 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: input_userauth_request: invalid user oscar [preauth]
May 31 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: Received disconnect from 220.247.224.226 port 40328:11: Bye Bye [preauth]
May 31 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: Disconnected from 220.247.224.226 port 40328 [preauth]
May 31 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30021]: Failed password for root from 185.156.73.233 port 42866 ssh2
May 31 07:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30021]: Connection closed by 185.156.73.233 port 42866 [preauth]
May 31 07:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: Failed password for invalid user oscar from 176.65.132.22 port 42800 ssh2
May 31 07:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: Connection closed by 176.65.132.22 port 42800 [preauth]
May 31 07:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: Invalid user openclaw from 176.65.132.22
May 31 07:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: input_userauth_request: invalid user openclaw [preauth]
May 31 07:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: Failed password for invalid user openclaw from 176.65.132.22 port 42810 ssh2
May 31 07:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: Connection closed by 176.65.132.22 port 42810 [preauth]
May 31 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28696]: pam_unix(cron:session): session closed for user root
May 31 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Invalid user ubuntu from 192.227.213.228
May 31 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: input_userauth_request: invalid user ubuntu [preauth]
May 31 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.213.228
May 31 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30072]: Invalid user openclaw from 176.65.132.22
May 31 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30072]: input_userauth_request: invalid user openclaw [preauth]
May 31 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30072]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Failed password for invalid user ubuntu from 192.227.213.228 port 51962 ssh2
May 31 07:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30072]: Failed password for invalid user openclaw from 176.65.132.22 port 35100 ssh2
May 31 07:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Received disconnect from 192.227.213.228 port 51962:11: Bye Bye [preauth]
May 31 07:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Disconnected from 192.227.213.228 port 51962 [preauth]
May 31 07:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30072]: Connection closed by 176.65.132.22 port 35100 [preauth]
May 31 07:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Invalid user asterisk from 176.65.132.22
May 31 07:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: input_userauth_request: invalid user asterisk [preauth]
May 31 07:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Failed password for invalid user asterisk from 176.65.132.22 port 35114 ssh2
May 31 07:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Connection closed by 176.65.132.22 port 35114 [preauth]
May 31 07:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: Invalid user deploy from 176.65.132.22
May 31 07:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: input_userauth_request: invalid user deploy [preauth]
May 31 07:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: Failed password for root from 202.133.90.219 port 41266 ssh2
May 31 07:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: Failed password for invalid user deploy from 176.65.132.22 port 51586 ssh2
May 31 07:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: Connection closed by 176.65.132.22 port 51586 [preauth]
May 31 07:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: Connection closed by 202.133.90.219 port 41266 [preauth]
May 31 07:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30143]: Invalid user media from 176.65.132.22
May 31 07:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30143]: input_userauth_request: invalid user media [preauth]
May 31 07:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30143]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30143]: Failed password for invalid user media from 176.65.132.22 port 51590 ssh2
May 31 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30143]: Connection closed by 176.65.132.22 port 51590 [preauth]
May 31 07:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30154]: Invalid user user1 from 176.65.132.22
May 31 07:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30154]: input_userauth_request: invalid user user1 [preauth]
May 31 07:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30154]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30154]: Failed password for invalid user user1 from 176.65.132.22 port 42930 ssh2
May 31 07:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30154]: Connection closed by 176.65.132.22 port 42930 [preauth]
May 31 07:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: Invalid user karel from 176.65.132.22
May 31 07:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: input_userauth_request: invalid user karel [preauth]
May 31 07:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: Failed password for invalid user karel from 176.65.132.22 port 42936 ssh2
May 31 07:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: Connection closed by 176.65.132.22 port 42936 [preauth]
May 31 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30186]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30185]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30183]: pam_unix(cron:session): session closed for user p13x
May 31 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30244]: Successful su for rubyman by root
May 31 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30244]: + ??? root:rubyman
May 31 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427901 of user rubyman.
May 31 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30244]: pam_unix(su:session): session closed for user rubyman
May 31 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427901.
May 31 07:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27223]: pam_unix(cron:session): session closed for user root
May 31 07:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Failed password for root from 176.65.132.22 port 38396 ssh2
May 31 07:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Connection closed by 176.65.132.22 port 38396 [preauth]
May 31 07:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30184]: pam_unix(cron:session): session closed for user samftp
May 31 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: Invalid user debian from 176.65.132.22
May 31 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: input_userauth_request: invalid user debian [preauth]
May 31 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: Failed password for invalid user debian from 176.65.132.22 port 38400 ssh2
May 31 07:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: Connection closed by 176.65.132.22 port 38400 [preauth]
May 31 07:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: Invalid user gitlab from 176.65.132.22
May 31 07:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: input_userauth_request: invalid user gitlab [preauth]
May 31 07:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: Failed password for invalid user gitlab from 176.65.132.22 port 38034 ssh2
May 31 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: Connection closed by 176.65.132.22 port 38034 [preauth]
May 31 07:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: Invalid user appuser from 176.65.132.22
May 31 07:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: input_userauth_request: invalid user appuser [preauth]
May 31 07:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: Failed password for invalid user appuser from 176.65.132.22 port 38058 ssh2
May 31 07:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: Connection closed by 176.65.132.22 port 38058 [preauth]
May 31 07:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30487]: Failed password for root from 176.65.132.22 port 44564 ssh2
May 31 07:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30487]: Connection closed by 176.65.132.22 port 44564 [preauth]
May 31 07:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30499]: Invalid user ubuntu from 176.65.132.22
May 31 07:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30499]: input_userauth_request: invalid user ubuntu [preauth]
May 31 07:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30499]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30499]: Failed password for invalid user ubuntu from 176.65.132.22 port 44592 ssh2
May 31 07:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30499]: Connection closed by 176.65.132.22 port 44592 [preauth]
May 31 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29121]: pam_unix(cron:session): session closed for user root
May 31 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: Invalid user uploader from 176.65.132.22
May 31 07:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: input_userauth_request: invalid user uploader [preauth]
May 31 07:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: Failed password for invalid user uploader from 176.65.132.22 port 48330 ssh2
May 31 07:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: Connection closed by 176.65.132.22 port 48330 [preauth]
May 31 07:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.51.208.158  user=root
May 31 07:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: Invalid user test3 from 176.65.132.22
May 31 07:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: input_userauth_request: invalid user test3 [preauth]
May 31 07:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: Failed password for root from 187.51.208.158 port 59327 ssh2
May 31 07:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: Received disconnect from 187.51.208.158 port 59327:11: Bye Bye [preauth]
May 31 07:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: Disconnected from 187.51.208.158 port 59327 [preauth]
May 31 07:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: Failed password for invalid user test3 from 176.65.132.22 port 48346 ssh2
May 31 07:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: Connection closed by 176.65.132.22 port 48346 [preauth]
May 31 07:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: Invalid user test3 from 176.65.132.22
May 31 07:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: input_userauth_request: invalid user test3 [preauth]
May 31 07:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: Failed password for invalid user test3 from 176.65.132.22 port 57646 ssh2
May 31 07:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: Connection closed by 176.65.132.22 port 57646 [preauth]
May 31 07:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
May 31 07:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: Failed password for root from 176.65.132.22 port 57648 ssh2
May 31 07:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: Connection closed by 176.65.132.22 port 57648 [preauth]
May 31 07:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: Failed password for root from 103.172.78.219 port 33932 ssh2
May 31 07:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: Connection closed by 103.172.78.219 port 33932 [preauth]
May 31 07:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
May 31 07:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: Invalid user ubuntu from 176.65.132.22
May 31 07:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: input_userauth_request: invalid user ubuntu [preauth]
May 31 07:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30605]: Failed password for root from 220.247.224.226 port 30826 ssh2
May 31 07:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30605]: Received disconnect from 220.247.224.226 port 30826:11: Bye Bye [preauth]
May 31 07:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30605]: Disconnected from 220.247.224.226 port 30826 [preauth]
May 31 07:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: Failed password for invalid user ubuntu from 176.65.132.22 port 40742 ssh2
May 31 07:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: Connection closed by 176.65.132.22 port 40742 [preauth]
May 31 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30630]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30631]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30628]: pam_unix(cron:session): session closed for user p13x
May 31 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30624]: Invalid user ubuntu from 176.65.132.22
May 31 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30624]: input_userauth_request: invalid user ubuntu [preauth]
May 31 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30687]: Successful su for rubyman by root
May 31 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30687]: + ??? root:rubyman
May 31 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427905 of user rubyman.
May 31 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30687]: pam_unix(su:session): session closed for user rubyman
May 31 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427905.
May 31 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30624]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30624]: Failed password for invalid user ubuntu from 176.65.132.22 port 56874 ssh2
May 31 07:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27678]: pam_unix(cron:session): session closed for user root
May 31 07:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30624]: Connection closed by 176.65.132.22 port 56874 [preauth]
May 31 07:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30629]: pam_unix(cron:session): session closed for user samftp
May 31 07:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: Invalid user frappe from 176.65.132.22
May 31 07:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: input_userauth_request: invalid user frappe [preauth]
May 31 07:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: Failed password for invalid user frappe from 176.65.132.22 port 56890 ssh2
May 31 07:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: Connection closed by 176.65.132.22 port 56890 [preauth]
May 31 07:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: Invalid user nikolay from 191.5.31.61
May 31 07:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: input_userauth_request: invalid user nikolay [preauth]
May 31 07:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.5.31.61
May 31 07:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: Failed password for root from 202.133.90.219 port 47692 ssh2
May 31 07:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: Connection closed by 202.133.90.219 port 47692 [preauth]
May 31 07:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: Invalid user angel from 176.65.132.22
May 31 07:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: input_userauth_request: invalid user angel [preauth]
May 31 07:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: Failed password for invalid user nikolay from 191.5.31.61 port 50342 ssh2
May 31 07:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: Received disconnect from 191.5.31.61 port 50342:11: Bye Bye [preauth]
May 31 07:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: Disconnected from 191.5.31.61 port 50342 [preauth]
May 31 07:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: Failed password for invalid user angel from 176.65.132.22 port 48282 ssh2
May 31 07:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: Connection closed by 176.65.132.22 port 48282 [preauth]
May 31 07:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31005]: Failed password for root from 176.65.132.22 port 48296 ssh2
May 31 07:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31005]: Connection closed by 176.65.132.22 port 48296 [preauth]
May 31 07:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.213.228  user=root
May 31 07:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31015]: Failed password for root from 176.65.132.22 port 56124 ssh2
May 31 07:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31015]: Connection closed by 176.65.132.22 port 56124 [preauth]
May 31 07:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: Failed password for root from 192.227.213.228 port 53290 ssh2
May 31 07:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: Received disconnect from 192.227.213.228 port 53290:11: Bye Bye [preauth]
May 31 07:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: Disconnected from 192.227.213.228 port 53290 [preauth]
May 31 07:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31041]: Failed password for root from 176.65.132.22 port 56128 ssh2
May 31 07:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31041]: Connection closed by 176.65.132.22 port 56128 [preauth]
May 31 07:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29684]: pam_unix(cron:session): session closed for user root
May 31 07:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31066]: Invalid user minecraft from 176.65.132.22
May 31 07:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31066]: input_userauth_request: invalid user minecraft [preauth]
May 31 07:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31066]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31066]: Failed password for invalid user minecraft from 176.65.132.22 port 37178 ssh2
May 31 07:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31066]: Connection closed by 176.65.132.22 port 37178 [preauth]
May 31 07:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: Failed password for root from 176.65.132.22 port 37190 ssh2
May 31 07:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: Connection closed by 176.65.132.22 port 37190 [preauth]
May 31 07:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31110]: Invalid user gabriel from 176.65.132.22
May 31 07:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31110]: input_userauth_request: invalid user gabriel [preauth]
May 31 07:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31110]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31110]: Failed password for invalid user gabriel from 176.65.132.22 port 55330 ssh2
May 31 07:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31110]: Connection closed by 176.65.132.22 port 55330 [preauth]
May 31 07:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: Invalid user deployer from 176.65.132.22
May 31 07:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: input_userauth_request: invalid user deployer [preauth]
May 31 07:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: Failed password for invalid user deployer from 176.65.132.22 port 55340 ssh2
May 31 07:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: Connection closed by 176.65.132.22 port 55340 [preauth]
May 31 07:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31139]: Invalid user newuser from 176.65.132.22
May 31 07:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31139]: input_userauth_request: invalid user newuser [preauth]
May 31 07:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31139]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31139]: Failed password for invalid user newuser from 176.65.132.22 port 56734 ssh2
May 31 07:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31139]: Connection closed by 176.65.132.22 port 56734 [preauth]
May 31 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31157]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31158]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31155]: pam_unix(cron:session): session closed for user p13x
May 31 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31212]: Successful su for rubyman by root
May 31 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31212]: + ??? root:rubyman
May 31 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427909 of user rubyman.
May 31 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31212]: pam_unix(su:session): session closed for user rubyman
May 31 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427909.
May 31 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31152]: Failed password for root from 176.65.132.22 port 37540 ssh2
May 31 07:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31152]: Connection closed by 176.65.132.22 port 37540 [preauth]
May 31 07:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28178]: pam_unix(cron:session): session closed for user root
May 31 07:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31156]: pam_unix(cron:session): session closed for user samftp
May 31 07:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31400]: Invalid user vyos from 176.65.132.22
May 31 07:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31400]: input_userauth_request: invalid user vyos [preauth]
May 31 07:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31400]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31400]: Failed password for invalid user vyos from 176.65.132.22 port 37556 ssh2
May 31 07:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31400]: Connection closed by 176.65.132.22 port 37556 [preauth]
May 31 07:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: Invalid user test from 176.65.132.22
May 31 07:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: input_userauth_request: invalid user test [preauth]
May 31 07:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: Failed password for invalid user test from 176.65.132.22 port 38514 ssh2
May 31 07:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: Connection closed by 176.65.132.22 port 38514 [preauth]
May 31 07:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: Invalid user fivem from 176.65.132.22
May 31 07:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: input_userauth_request: invalid user fivem [preauth]
May 31 07:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: Failed password for invalid user fivem from 176.65.132.22 port 38522 ssh2
May 31 07:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: Connection closed by 176.65.132.22 port 38522 [preauth]
May 31 07:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: Invalid user dev from 176.65.132.22
May 31 07:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: input_userauth_request: invalid user dev [preauth]
May 31 07:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: Failed password for invalid user dev from 176.65.132.22 port 60016 ssh2
May 31 07:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: Connection closed by 176.65.132.22 port 60016 [preauth]
May 31 07:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31472]: Invalid user dev from 176.65.132.22
May 31 07:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31472]: input_userauth_request: invalid user dev [preauth]
May 31 07:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31472]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
May 31 07:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31472]: Failed password for invalid user dev from 176.65.132.22 port 60032 ssh2
May 31 07:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31472]: Connection closed by 176.65.132.22 port 60032 [preauth]
May 31 07:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31476]: Failed password for root from 220.247.224.226 port 6646 ssh2
May 31 07:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30186]: pam_unix(cron:session): session closed for user root
May 31 07:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31476]: Received disconnect from 220.247.224.226 port 6646:11: Bye Bye [preauth]
May 31 07:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31476]: Disconnected from 220.247.224.226 port 6646 [preauth]
May 31 07:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31490]: Invalid user admin from 103.176.20.115
May 31 07:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31490]: input_userauth_request: invalid user admin [preauth]
May 31 07:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31490]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.115
May 31 07:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.17.234  user=root
May 31 07:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
May 31 07:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: Invalid user admin2 from 176.65.132.22
May 31 07:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: input_userauth_request: invalid user admin2 [preauth]
May 31 07:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31490]: Failed password for invalid user admin from 103.176.20.115 port 43990 ssh2
May 31 07:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31490]: Received disconnect from 103.176.20.115 port 43990:11: Bye Bye [preauth]
May 31 07:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31490]: Disconnected from 103.176.20.115 port 43990 [preauth]
May 31 07:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31478]: Failed password for root from 172.174.17.234 port 37228 ssh2
May 31 07:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31478]: Received disconnect from 172.174.17.234 port 37228:11: Bye Bye [preauth]
May 31 07:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31478]: Disconnected from 172.174.17.234 port 37228 [preauth]
May 31 07:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: Failed password for root from 94.159.110.201 port 54328 ssh2
May 31 07:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: Connection closed by 94.159.110.201 port 54328 [preauth]
May 31 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: Failed password for invalid user admin2 from 176.65.132.22 port 46750 ssh2
May 31 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: Connection closed by 176.65.132.22 port 46750 [preauth]
May 31 07:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: Invalid user arthur from 176.65.132.22
May 31 07:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: input_userauth_request: invalid user arthur [preauth]
May 31 07:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: Failed password for invalid user arthur from 176.65.132.22 port 48510 ssh2
May 31 07:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: Connection closed by 176.65.132.22 port 48510 [preauth]
May 31 07:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: Failed password for root from 202.133.90.219 port 32814 ssh2
May 31 07:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: Connection closed by 202.133.90.219 port 32814 [preauth]
May 31 07:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31562]: Invalid user amir from 176.65.132.22
May 31 07:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31562]: input_userauth_request: invalid user amir [preauth]
May 31 07:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31562]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31562]: Failed password for invalid user amir from 176.65.132.22 port 48516 ssh2
May 31 07:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31562]: Connection closed by 176.65.132.22 port 48516 [preauth]
May 31 07:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: User vncuser from 176.65.132.22 not allowed because not listed in AllowUsers
May 31 07:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: input_userauth_request: invalid user vncuser [preauth]
May 31 07:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=vncuser
May 31 07:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: Failed password for invalid user vncuser from 176.65.132.22 port 38984 ssh2
May 31 07:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: Connection closed by 176.65.132.22 port 38984 [preauth]
May 31 07:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: Invalid user kali from 176.65.132.22
May 31 07:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: input_userauth_request: invalid user kali [preauth]
May 31 07:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: Failed password for invalid user kali from 176.65.132.22 port 38988 ssh2
May 31 07:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: Connection closed by 176.65.132.22 port 38988 [preauth]
May 31 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31687]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31688]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31685]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31686]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31688]: pam_unix(cron:session): session closed for user root
May 31 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31683]: pam_unix(cron:session): session closed for user p13x
May 31 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31751]: Successful su for rubyman by root
May 31 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31751]: + ??? root:rubyman
May 31 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31751]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427913 of user rubyman.
May 31 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31751]: pam_unix(su:session): session closed for user rubyman
May 31 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427913.
May 31 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: Invalid user openclaw from 176.65.132.22
May 31 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: input_userauth_request: invalid user openclaw [preauth]
May 31 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31685]: pam_unix(cron:session): session closed for user root
May 31 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28695]: pam_unix(cron:session): session closed for user root
May 31 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: Failed password for invalid user openclaw from 176.65.132.22 port 48524 ssh2
May 31 07:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: Connection closed by 176.65.132.22 port 48524 [preauth]
May 31 07:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31684]: pam_unix(cron:session): session closed for user samftp
May 31 07:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31967]: Invalid user openclaw from 176.65.132.22
May 31 07:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31967]: input_userauth_request: invalid user openclaw [preauth]
May 31 07:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31967]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31967]: Failed password for invalid user openclaw from 176.65.132.22 port 48538 ssh2
May 31 07:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31967]: Connection closed by 176.65.132.22 port 48538 [preauth]
May 31 07:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.5.31.61  user=root
May 31 07:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31980]: Failed password for root from 191.5.31.61 port 46036 ssh2
May 31 07:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31980]: Received disconnect from 191.5.31.61 port 46036:11: Bye Bye [preauth]
May 31 07:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31980]: Disconnected from 191.5.31.61 port 46036 [preauth]
May 31 07:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: Invalid user installer from 176.65.132.22
May 31 07:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: input_userauth_request: invalid user installer [preauth]
May 31 07:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: Invalid user test from 192.227.213.228
May 31 07:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: input_userauth_request: invalid user test [preauth]
May 31 07:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.213.228
May 31 07:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: Failed password for invalid user installer from 176.65.132.22 port 41964 ssh2
May 31 07:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: Connection closed by 176.65.132.22 port 41964 [preauth]
May 31 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: Failed password for invalid user test from 192.227.213.228 port 54612 ssh2
May 31 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: Received disconnect from 192.227.213.228 port 54612:11: Bye Bye [preauth]
May 31 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: Disconnected from 192.227.213.228 port 54612 [preauth]
May 31 07:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: Invalid user claude from 176.65.132.22
May 31 07:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: input_userauth_request: invalid user claude [preauth]
May 31 07:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: Failed password for invalid user claude from 176.65.132.22 port 41976 ssh2
May 31 07:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: Connection closed by 176.65.132.22 port 41976 [preauth]
May 31 07:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.82.76.2  user=root
May 31 07:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: Invalid user sonar from 176.65.132.22
May 31 07:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: input_userauth_request: invalid user sonar [preauth]
May 31 07:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32024]: Failed password for root from 170.82.76.2 port 17277 ssh2
May 31 07:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32024]: Connection closed by 170.82.76.2 port 17277 [preauth]
May 31 07:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: Failed password for invalid user sonar from 176.65.132.22 port 42656 ssh2
May 31 07:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: Connection closed by 176.65.132.22 port 42656 [preauth]
May 31 07:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: Invalid user pi from 176.65.132.22
May 31 07:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: input_userauth_request: invalid user pi [preauth]
May 31 07:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30631]: pam_unix(cron:session): session closed for user root
May 31 07:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: Failed password for invalid user pi from 176.65.132.22 port 46284 ssh2
May 31 07:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: Connection closed by 176.65.132.22 port 46284 [preauth]
May 31 07:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: Invalid user pi from 176.65.132.22
May 31 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: input_userauth_request: invalid user pi [preauth]
May 31 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
May 31 07:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: Failed password for invalid user pi from 176.65.132.22 port 46312 ssh2
May 31 07:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32098]: Failed password for root from 77.94.47.83 port 40466 ssh2
May 31 07:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: Connection closed by 176.65.132.22 port 46312 [preauth]
May 31 07:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32098]: Connection closed by 77.94.47.83 port 40466 [preauth]
May 31 07:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32113]: Invalid user server from 176.65.132.22
May 31 07:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32113]: input_userauth_request: invalid user server [preauth]
May 31 07:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32113]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32113]: Failed password for invalid user server from 176.65.132.22 port 36658 ssh2
May 31 07:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32113]: Connection closed by 176.65.132.22 port 36658 [preauth]
May 31 07:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: Invalid user default from 176.65.132.22
May 31 07:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: input_userauth_request: invalid user default [preauth]
May 31 07:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: Failed password for invalid user default from 176.65.132.22 port 36662 ssh2
May 31 07:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: Connection closed by 176.65.132.22 port 36662 [preauth]
May 31 07:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32143]: Invalid user rdpuser from 176.65.132.22
May 31 07:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32143]: input_userauth_request: invalid user rdpuser [preauth]
May 31 07:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32143]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32143]: Failed password for invalid user rdpuser from 176.65.132.22 port 34660 ssh2
May 31 07:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32143]: Connection closed by 176.65.132.22 port 34660 [preauth]
May 31 07:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32155]: Invalid user azureuser from 176.65.132.22
May 31 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32155]: input_userauth_request: invalid user azureuser [preauth]
May 31 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32155]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32170]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32169]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32167]: pam_unix(cron:session): session closed for user p13x
May 31 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32233]: Successful su for rubyman by root
May 31 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32233]: + ??? root:rubyman
May 31 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427919 of user rubyman.
May 31 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32233]: pam_unix(su:session): session closed for user rubyman
May 31 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427919.
May 31 07:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32155]: Failed password for invalid user azureuser from 176.65.132.22 port 34674 ssh2
May 31 07:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32155]: Connection closed by 176.65.132.22 port 34674 [preauth]
May 31 07:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29119]: pam_unix(cron:session): session closed for user root
May 31 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32168]: pam_unix(cron:session): session closed for user samftp
May 31 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32392]: Invalid user admin from 220.247.224.226
May 31 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32392]: input_userauth_request: invalid user admin [preauth]
May 31 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32392]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
May 31 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: Invalid user azureuser from 176.65.132.22
May 31 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: input_userauth_request: invalid user azureuser [preauth]
May 31 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32392]: Failed password for invalid user admin from 220.247.224.226 port 60365 ssh2
May 31 07:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32392]: Received disconnect from 220.247.224.226 port 60365:11: Bye Bye [preauth]
May 31 07:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32392]: Disconnected from 220.247.224.226 port 60365 [preauth]
May 31 07:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: Failed password for invalid user azureuser from 176.65.132.22 port 46756 ssh2
May 31 07:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: Connection closed by 176.65.132.22 port 46756 [preauth]
May 31 07:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32422]: Failed password for root from 176.65.132.22 port 50008 ssh2
May 31 07:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32422]: Connection closed by 176.65.132.22 port 50008 [preauth]
May 31 07:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: Invalid user claude from 176.65.132.22
May 31 07:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: input_userauth_request: invalid user claude [preauth]
May 31 07:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: Failed password for invalid user claude from 176.65.132.22 port 50014 ssh2
May 31 07:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: Connection closed by 176.65.132.22 port 50014 [preauth]
May 31 07:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32459]: Invalid user test from 176.65.132.22
May 31 07:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32459]: input_userauth_request: invalid user test [preauth]
May 31 07:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32459]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32432]: Failed password for root from 202.133.90.219 port 56918 ssh2
May 31 07:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32459]: Failed password for invalid user test from 176.65.132.22 port 36180 ssh2
May 31 07:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32459]: Connection closed by 176.65.132.22 port 36180 [preauth]
May 31 07:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32432]: Connection closed by 202.133.90.219 port 56918 [preauth]
May 31 07:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: Invalid user user3 from 176.65.132.22
May 31 07:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: input_userauth_request: invalid user user3 [preauth]
May 31 07:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32491]: Invalid user  from 64.62.197.111
May 31 07:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32491]: input_userauth_request: invalid user  [preauth]
May 31 07:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: Failed password for invalid user user3 from 176.65.132.22 port 36190 ssh2
May 31 07:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: Connection closed by 176.65.132.22 port 36190 [preauth]
May 31 07:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: Invalid user dev from 103.176.20.115
May 31 07:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: input_userauth_request: invalid user dev [preauth]
May 31 07:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.115
May 31 07:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32491]: Connection closed by 64.62.197.111 port 64553 [preauth]
May 31 07:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32504]: Invalid user fastuser from 176.65.132.22
May 31 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32504]: input_userauth_request: invalid user fastuser [preauth]
May 31 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32504]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: Failed password for invalid user dev from 103.176.20.115 port 34322 ssh2
May 31 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31158]: pam_unix(cron:session): session closed for user root
May 31 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: Received disconnect from 103.176.20.115 port 34322:11: Bye Bye [preauth]
May 31 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: Disconnected from 103.176.20.115 port 34322 [preauth]
May 31 07:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32504]: Failed password for invalid user fastuser from 176.65.132.22 port 60068 ssh2
May 31 07:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32504]: Connection closed by 176.65.132.22 port 60068 [preauth]
May 31 07:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32537]: Invalid user fastuser from 176.65.132.22
May 31 07:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32537]: input_userauth_request: invalid user fastuser [preauth]
May 31 07:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32537]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32537]: Failed password for invalid user fastuser from 176.65.132.22 port 60084 ssh2
May 31 07:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32537]: Connection closed by 176.65.132.22 port 60084 [preauth]
May 31 07:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: Failed password for root from 176.65.132.22 port 55858 ssh2
May 31 07:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: Connection closed by 176.65.132.22 port 55858 [preauth]
May 31 07:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32577]: Invalid user bob from 176.65.132.22
May 31 07:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32577]: input_userauth_request: invalid user bob [preauth]
May 31 07:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32577]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32577]: Failed password for invalid user bob from 176.65.132.22 port 55860 ssh2
May 31 07:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32577]: Connection closed by 176.65.132.22 port 55860 [preauth]
May 31 07:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: Invalid user admin from 176.65.132.22
May 31 07:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: input_userauth_request: invalid user admin [preauth]
May 31 07:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: Failed password for invalid user admin from 176.65.132.22 port 59434 ssh2
May 31 07:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: Connection closed by 176.65.132.22 port 59434 [preauth]
May 31 07:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32606]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32605]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32603]: pam_unix(cron:session): session closed for user p13x
May 31 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32666]: Successful su for rubyman by root
May 31 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32666]: + ??? root:rubyman
May 31 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427924 of user rubyman.
May 31 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32666]: pam_unix(su:session): session closed for user rubyman
May 31 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427924.
May 31 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32600]: Failed password for root from 176.65.132.22 port 59450 ssh2
May 31 07:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32600]: Connection closed by 176.65.132.22 port 59450 [preauth]
May 31 07:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29682]: pam_unix(cron:session): session closed for user root
May 31 07:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32604]: pam_unix(cron:session): session closed for user samftp
May 31 07:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[394]: Failed password for root from 176.65.132.22 port 36704 ssh2
May 31 07:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[394]: Connection closed by 176.65.132.22 port 36704 [preauth]
May 31 07:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: Invalid user guest from 176.65.132.22
May 31 07:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: input_userauth_request: invalid user guest [preauth]
May 31 07:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: Failed password for invalid user guest from 176.65.132.22 port 55374 ssh2
May 31 07:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: Connection closed by 176.65.132.22 port 55374 [preauth]
May 31 07:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: Invalid user frank from 176.65.132.22
May 31 07:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: input_userauth_request: invalid user frank [preauth]
May 31 07:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: Failed password for invalid user frank from 176.65.132.22 port 55386 ssh2
May 31 07:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: Connection closed by 176.65.132.22 port 55386 [preauth]
May 31 07:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.5.31.61  user=root
May 31 07:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[445]: Failed password for root from 191.5.31.61 port 53246 ssh2
May 31 07:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[581]: Invalid user a from 176.65.132.22
May 31 07:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[581]: input_userauth_request: invalid user a [preauth]
May 31 07:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[445]: Received disconnect from 191.5.31.61 port 53246:11: Bye Bye [preauth]
May 31 07:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[445]: Disconnected from 191.5.31.61 port 53246 [preauth]
May 31 07:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[581]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[581]: Failed password for invalid user a from 176.65.132.22 port 50208 ssh2
May 31 07:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[581]: Connection closed by 176.65.132.22 port 50208 [preauth]
May 31 07:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Invalid user develop from 103.176.20.115
May 31 07:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: input_userauth_request: invalid user develop [preauth]
May 31 07:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.115
May 31 07:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Failed password for invalid user develop from 103.176.20.115 port 49352 ssh2
May 31 07:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Received disconnect from 103.176.20.115 port 49352:11: Bye Bye [preauth]
May 31 07:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Disconnected from 103.176.20.115 port 49352 [preauth]
May 31 07:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: Failed password for root from 176.65.132.22 port 50228 ssh2
May 31 07:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: Connection closed by 176.65.132.22 port 50228 [preauth]
May 31 07:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31687]: pam_unix(cron:session): session closed for user root
May 31 07:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[641]: Failed password for root from 176.65.132.22 port 53632 ssh2
May 31 07:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[641]: Connection closed by 176.65.132.22 port 53632 [preauth]
May 31 07:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[651]: Invalid user ubuntu from 176.65.132.22
May 31 07:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[651]: input_userauth_request: invalid user ubuntu [preauth]
May 31 07:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[651]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[651]: Failed password for invalid user ubuntu from 176.65.132.22 port 53648 ssh2
May 31 07:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[651]: Connection closed by 176.65.132.22 port 53648 [preauth]
May 31 07:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[681]: Invalid user rancher from 176.65.132.22
May 31 07:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[681]: input_userauth_request: invalid user rancher [preauth]
May 31 07:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[681]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[665]: Failed password for root from 202.133.90.219 port 59640 ssh2
May 31 07:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[665]: Connection closed by 202.133.90.219 port 59640 [preauth]
May 31 07:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[681]: Failed password for invalid user rancher from 176.65.132.22 port 42112 ssh2
May 31 07:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[681]: Connection closed by 176.65.132.22 port 42112 [preauth]
May 31 07:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: Invalid user hadoop from 176.65.132.22
May 31 07:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: input_userauth_request: invalid user hadoop [preauth]
May 31 07:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: Failed password for invalid user hadoop from 176.65.132.22 port 43790 ssh2
May 31 07:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: Connection closed by 176.65.132.22 port 43790 [preauth]
May 31 07:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: Invalid user rajiv from 172.174.17.234
May 31 07:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: input_userauth_request: invalid user rajiv [preauth]
May 31 07:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.17.234
May 31 07:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: Failed password for invalid user rajiv from 172.174.17.234 port 42674 ssh2
May 31 07:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: Received disconnect from 172.174.17.234 port 42674:11: Bye Bye [preauth]
May 31 07:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: Disconnected from 172.174.17.234 port 42674 [preauth]
May 31 07:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: Failed password for root from 176.65.132.22 port 43804 ssh2
May 31 07:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: Connection closed by 176.65.132.22 port 43804 [preauth]
May 31 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[720]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[721]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[718]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[718]: pam_unix(cron:session): session closed for user p13x
May 31 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[783]: Successful su for rubyman by root
May 31 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[783]: + ??? root:rubyman
May 31 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427929 of user rubyman.
May 31 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[783]: pam_unix(su:session): session closed for user rubyman
May 31 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427929.
May 31 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: Invalid user security from 176.65.132.22
May 31 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: input_userauth_request: invalid user security [preauth]
May 31 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30185]: pam_unix(cron:session): session closed for user root
May 31 07:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: Failed password for invalid user security from 176.65.132.22 port 55500 ssh2
May 31 07:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: Connection closed by 176.65.132.22 port 55500 [preauth]
May 31 07:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[719]: pam_unix(cron:session): session closed for user samftp
May 31 07:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: Invalid user bot from 176.65.132.22
May 31 07:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: input_userauth_request: invalid user bot [preauth]
May 31 07:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: Failed password for invalid user bot from 176.65.132.22 port 55508 ssh2
May 31 07:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: Connection closed by 176.65.132.22 port 55508 [preauth]
May 31 07:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.82.76.2  user=root
May 31 07:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: Invalid user node from 176.65.132.22
May 31 07:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: input_userauth_request: invalid user node [preauth]
May 31 07:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[995]: Failed password for root from 170.82.76.2 port 26833 ssh2
May 31 07:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[995]: Connection closed by 170.82.76.2 port 26833 [preauth]
May 31 07:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: Failed password for invalid user node from 176.65.132.22 port 52634 ssh2
May 31 07:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: Connection closed by 176.65.132.22 port 52634 [preauth]
May 31 07:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.115  user=root
May 31 07:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1038]: Invalid user node from 176.65.132.22
May 31 07:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1038]: input_userauth_request: invalid user node [preauth]
May 31 07:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1038]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: Failed password for root from 103.176.20.115 port 36166 ssh2
May 31 07:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: Received disconnect from 103.176.20.115 port 36166:11: Bye Bye [preauth]
May 31 07:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: Disconnected from 103.176.20.115 port 36166 [preauth]
May 31 07:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1038]: Failed password for invalid user node from 176.65.132.22 port 52644 ssh2
May 31 07:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1038]: Connection closed by 176.65.132.22 port 52644 [preauth]
May 31 07:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: User mysql from 176.65.132.22 not allowed because not listed in AllowUsers
May 31 07:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: input_userauth_request: invalid user mysql [preauth]
May 31 07:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=mysql
May 31 07:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: Failed password for invalid user mysql from 176.65.132.22 port 48664 ssh2
May 31 07:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: Connection closed by 176.65.132.22 port 48664 [preauth]
May 31 07:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32170]: pam_unix(cron:session): session closed for user root
May 31 07:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: Failed password for root from 176.65.132.22 port 51112 ssh2
May 31 07:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: Connection closed by 176.65.132.22 port 51112 [preauth]
May 31 07:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: Invalid user web from 176.65.132.22
May 31 07:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: input_userauth_request: invalid user web [preauth]
May 31 07:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: Failed password for invalid user web from 176.65.132.22 port 51126 ssh2
May 31 07:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: Connection closed by 176.65.132.22 port 51126 [preauth]
May 31 07:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: Invalid user nutanix from 176.65.132.22
May 31 07:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: input_userauth_request: invalid user nutanix [preauth]
May 31 07:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: Failed password for invalid user nutanix from 176.65.132.22 port 42006 ssh2
May 31 07:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: Connection closed by 176.65.132.22 port 42006 [preauth]
May 31 07:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: Invalid user milad from 176.65.132.22
May 31 07:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: input_userauth_request: invalid user milad [preauth]
May 31 07:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
May 31 07:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Failed password for root from 103.77.242.62 port 36612 ssh2
May 31 07:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: Failed password for invalid user milad from 176.65.132.22 port 42016 ssh2
May 31 07:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Connection closed by 103.77.242.62 port 36612 [preauth]
May 31 07:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: Connection closed by 176.65.132.22 port 42016 [preauth]
May 31 07:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1177]: Invalid user ubuntu from 176.65.132.22
May 31 07:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1177]: input_userauth_request: invalid user ubuntu [preauth]
May 31 07:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1177]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1177]: Failed password for invalid user ubuntu from 176.65.132.22 port 40814 ssh2
May 31 07:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1177]: Connection closed by 176.65.132.22 port 40814 [preauth]
May 31 07:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
May 31 07:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Invalid user user3 from 176.65.132.22
May 31 07:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: input_userauth_request: invalid user user3 [preauth]
May 31 07:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1188]: Failed password for root from 176.32.39.21 port 33028 ssh2
May 31 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1188]: Connection closed by 176.32.39.21 port 33028 [preauth]
May 31 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1204]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1205]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1202]: pam_unix(cron:session): session closed for user p13x
May 31 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1270]: Successful su for rubyman by root
May 31 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1270]: + ??? root:rubyman
May 31 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427931 of user rubyman.
May 31 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1270]: pam_unix(su:session): session closed for user rubyman
May 31 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427931.
May 31 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Failed password for invalid user user3 from 176.65.132.22 port 40832 ssh2
May 31 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Connection closed by 176.65.132.22 port 40832 [preauth]
May 31 07:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30630]: pam_unix(cron:session): session closed for user root
May 31 07:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1203]: pam_unix(cron:session): session closed for user samftp
May 31 07:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: Invalid user user2 from 176.65.132.22
May 31 07:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: input_userauth_request: invalid user user2 [preauth]
May 31 07:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: Failed password for invalid user user2 from 176.65.132.22 port 48742 ssh2
May 31 07:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: Connection closed by 176.65.132.22 port 48742 [preauth]
May 31 07:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.115  user=root
May 31 07:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1579]: Failed password for root from 103.176.20.115 port 51208 ssh2
May 31 07:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1579]: Received disconnect from 103.176.20.115 port 51208:11: Bye Bye [preauth]
May 31 07:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1579]: Disconnected from 103.176.20.115 port 51208 [preauth]
May 31 07:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: Failed password for root from 176.65.132.22 port 37942 ssh2
May 31 07:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: Connection closed by 176.65.132.22 port 37942 [preauth]
May 31 07:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: Failed password for root from 202.133.90.219 port 51476 ssh2
May 31 07:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: Connection closed by 202.133.90.219 port 51476 [preauth]
May 31 07:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1617]: Invalid user sam from 176.65.132.22
May 31 07:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1617]: input_userauth_request: invalid user sam [preauth]
May 31 07:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1617]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1617]: Failed password for invalid user sam from 176.65.132.22 port 37950 ssh2
May 31 07:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1617]: Connection closed by 176.65.132.22 port 37950 [preauth]
May 31 07:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: Invalid user sam from 176.65.132.22
May 31 07:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: input_userauth_request: invalid user sam [preauth]
May 31 07:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: Failed password for invalid user sam from 176.65.132.22 port 37170 ssh2
May 31 07:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: Connection closed by 176.65.132.22 port 37170 [preauth]
May 31 07:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1667]: Invalid user splunk from 176.65.132.22
May 31 07:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1667]: input_userauth_request: invalid user splunk [preauth]
May 31 07:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1667]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1667]: Failed password for invalid user splunk from 176.65.132.22 port 37186 ssh2
May 31 07:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.5.31.61  user=root
May 31 07:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1667]: Connection closed by 176.65.132.22 port 37186 [preauth]
May 31 07:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: Failed password for root from 191.5.31.61 port 59548 ssh2
May 31 07:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: Received disconnect from 191.5.31.61 port 59548:11: Bye Bye [preauth]
May 31 07:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: Disconnected from 191.5.31.61 port 59548 [preauth]
May 31 07:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32606]: pam_unix(cron:session): session closed for user root
May 31 07:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: Invalid user splunk from 176.65.132.22
May 31 07:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: input_userauth_request: invalid user splunk [preauth]
May 31 07:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: Failed password for invalid user splunk from 176.65.132.22 port 45410 ssh2
May 31 07:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: Connection closed by 176.65.132.22 port 45410 [preauth]
May 31 07:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: Invalid user ftpuser from 176.65.132.22
May 31 07:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: input_userauth_request: invalid user ftpuser [preauth]
May 31 07:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: Failed password for invalid user ftpuser from 176.65.132.22 port 45424 ssh2
May 31 07:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: Connection closed by 176.65.132.22 port 45424 [preauth]
May 31 07:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: Invalid user odoo16 from 176.65.132.22
May 31 07:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: input_userauth_request: invalid user odoo16 [preauth]
May 31 07:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: Failed password for invalid user odoo16 from 176.65.132.22 port 39204 ssh2
May 31 07:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: Connection closed by 176.65.132.22 port 39204 [preauth]
May 31 07:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: Invalid user tester from 176.65.132.22
May 31 07:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: input_userauth_request: invalid user tester [preauth]
May 31 07:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: Failed password for invalid user tester from 176.65.132.22 port 39228 ssh2
May 31 07:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: Connection closed by 176.65.132.22 port 39228 [preauth]
May 31 07:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: Invalid user dspace from 176.65.132.22
May 31 07:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: input_userauth_request: invalid user dspace [preauth]
May 31 07:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: Failed password for invalid user dspace from 176.65.132.22 port 51870 ssh2
May 31 07:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: Connection closed by 176.65.132.22 port 51870 [preauth]
May 31 07:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: Invalid user usuarioftp from 103.176.20.115
May 31 07:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: input_userauth_request: invalid user usuarioftp [preauth]
May 31 07:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.115
May 31 07:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: Failed password for invalid user usuarioftp from 103.176.20.115 port 38000 ssh2
May 31 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: Received disconnect from 103.176.20.115 port 38000:11: Bye Bye [preauth]
May 31 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: Disconnected from 103.176.20.115 port 38000 [preauth]
May 31 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: Invalid user guest from 176.65.132.22
May 31 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: input_userauth_request: invalid user guest [preauth]
May 31 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1791]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1792]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1789]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1790]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1792]: pam_unix(cron:session): session closed for user root
May 31 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1787]: pam_unix(cron:session): session closed for user p13x
May 31 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1851]: Successful su for rubyman by root
May 31 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1851]: + ??? root:rubyman
May 31 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427935 of user rubyman.
May 31 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1851]: pam_unix(su:session): session closed for user rubyman
May 31 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427935.
May 31 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: Failed password for invalid user guest from 176.65.132.22 port 51880 ssh2
May 31 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: Connection closed by 176.65.132.22 port 51880 [preauth]
May 31 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1789]: pam_unix(cron:session): session closed for user root
May 31 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31157]: pam_unix(cron:session): session closed for user root
May 31 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1788]: pam_unix(cron:session): session closed for user samftp
May 31 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2115]: Invalid user openclaw from 176.65.132.22
May 31 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2115]: input_userauth_request: invalid user openclaw [preauth]
May 31 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2115]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2115]: Failed password for invalid user openclaw from 176.65.132.22 port 40590 ssh2
May 31 07:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2115]: Connection closed by 176.65.132.22 port 40590 [preauth]
May 31 07:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: Invalid user amit from 176.65.132.22
May 31 07:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: input_userauth_request: invalid user amit [preauth]
May 31 07:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: Failed password for invalid user amit from 176.65.132.22 port 60614 ssh2
May 31 07:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: Connection closed by 176.65.132.22 port 60614 [preauth]
May 31 07:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: Failed password for root from 176.65.132.22 port 60622 ssh2
May 31 07:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: Connection closed by 176.65.132.22 port 60622 [preauth]
May 31 07:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: Invalid user claude from 176.65.132.22
May 31 07:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: input_userauth_request: invalid user claude [preauth]
May 31 07:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: Failed password for invalid user claude from 176.65.132.22 port 41544 ssh2
May 31 07:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: Connection closed by 176.65.132.22 port 41544 [preauth]
May 31 07:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2211]: Invalid user admin from 176.65.132.22
May 31 07:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2211]: input_userauth_request: invalid user admin [preauth]
May 31 07:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2211]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2211]: Failed password for invalid user admin from 176.65.132.22 port 41570 ssh2
May 31 07:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2211]: Connection closed by 176.65.132.22 port 41570 [preauth]
May 31 07:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: Invalid user appuser from 176.65.132.22
May 31 07:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: input_userauth_request: invalid user appuser [preauth]
May 31 07:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[721]: pam_unix(cron:session): session closed for user root
May 31 07:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: Failed password for invalid user appuser from 176.65.132.22 port 56800 ssh2
May 31 07:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: Connection closed by 176.65.132.22 port 56800 [preauth]
May 31 07:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: Invalid user user from 176.65.132.22
May 31 07:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: input_userauth_request: invalid user user [preauth]
May 31 07:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: Failed password for invalid user user from 176.65.132.22 port 56810 ssh2
May 31 07:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: Connection closed by 176.65.132.22 port 56810 [preauth]
May 31 07:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: Invalid user ecommerce from 176.65.132.22
May 31 07:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: input_userauth_request: invalid user ecommerce [preauth]
May 31 07:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2254]: Failed password for root from 202.133.90.219 port 59296 ssh2
May 31 07:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: Failed password for invalid user ecommerce from 176.65.132.22 port 32802 ssh2
May 31 07:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: Connection closed by 176.65.132.22 port 32802 [preauth]
May 31 07:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2254]: Connection closed by 202.133.90.219 port 59296 [preauth]
May 31 07:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2292]: Invalid user ubuntu from 103.176.20.115
May 31 07:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2292]: input_userauth_request: invalid user ubuntu [preauth]
May 31 07:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2292]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.115
May 31 07:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: Failed password for root from 176.65.132.22 port 32832 ssh2
May 31 07:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: Connection closed by 176.65.132.22 port 32832 [preauth]
May 31 07:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2292]: Failed password for invalid user ubuntu from 103.176.20.115 port 53022 ssh2
May 31 07:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2292]: Received disconnect from 103.176.20.115 port 53022:11: Bye Bye [preauth]
May 31 07:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2292]: Disconnected from 103.176.20.115 port 53022 [preauth]
May 31 07:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: Invalid user systemd from 176.65.132.22
May 31 07:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: input_userauth_request: invalid user systemd [preauth]
May 31 07:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: Failed password for invalid user systemd from 176.65.132.22 port 47818 ssh2
May 31 07:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: Connection closed by 176.65.132.22 port 47818 [preauth]
May 31 07:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2326]: Connection closed by 194.59.206.2 port 39548 [preauth]
May 31 07:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: Invalid user test1 from 176.65.132.22
May 31 07:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: input_userauth_request: invalid user test1 [preauth]
May 31 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2334]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2337]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2336]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2335]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2334]: pam_unix(cron:session): session closed for user p13x
May 31 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2404]: Successful su for rubyman by root
May 31 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2404]: + ??? root:rubyman
May 31 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427943 of user rubyman.
May 31 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2404]: pam_unix(su:session): session closed for user rubyman
May 31 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427943.
May 31 07:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: Failed password for invalid user test1 from 176.65.132.22 port 47826 ssh2
May 31 07:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: Connection closed by 176.65.132.22 port 47826 [preauth]
May 31 07:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31686]: pam_unix(cron:session): session closed for user root
May 31 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2335]: pam_unix(cron:session): session closed for user samftp
May 31 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: Invalid user admin1 from 176.65.132.22
May 31 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: input_userauth_request: invalid user admin1 [preauth]
May 31 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: Failed password for invalid user admin1 from 176.65.132.22 port 37548 ssh2
May 31 07:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: Connection closed by 176.65.132.22 port 37548 [preauth]
May 31 07:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.17.234  user=root
May 31 07:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2613]: Invalid user admin1 from 176.65.132.22
May 31 07:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2613]: input_userauth_request: invalid user admin1 [preauth]
May 31 07:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2613]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: Failed password for root from 172.174.17.234 port 48256 ssh2
May 31 07:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: Received disconnect from 172.174.17.234 port 48256:11: Bye Bye [preauth]
May 31 07:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: Disconnected from 172.174.17.234 port 48256 [preauth]
May 31 07:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2613]: Failed password for invalid user admin1 from 176.65.132.22 port 57352 ssh2
May 31 07:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2613]: Connection closed by 176.65.132.22 port 57352 [preauth]
May 31 07:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2636]: Invalid user debian from 176.65.132.22
May 31 07:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2636]: input_userauth_request: invalid user debian [preauth]
May 31 07:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2636]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2636]: Failed password for invalid user debian from 176.65.132.22 port 57366 ssh2
May 31 07:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2636]: Connection closed by 176.65.132.22 port 57366 [preauth]
May 31 07:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: Invalid user debian from 176.65.132.22
May 31 07:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: input_userauth_request: invalid user debian [preauth]
May 31 07:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: Failed password for invalid user debian from 176.65.132.22 port 45192 ssh2
May 31 07:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: Connection closed by 176.65.132.22 port 45192 [preauth]
May 31 07:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2678]: Failed password for root from 176.65.132.22 port 45198 ssh2
May 31 07:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2678]: Connection closed by 176.65.132.22 port 45198 [preauth]
May 31 07:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1205]: pam_unix(cron:session): session closed for user root
May 31 07:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
May 31 07:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Invalid user mongo from 191.5.31.61
May 31 07:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: input_userauth_request: invalid user mongo [preauth]
May 31 07:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.5.31.61
May 31 07:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: Invalid user pi from 176.65.132.22
May 31 07:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: input_userauth_request: invalid user pi [preauth]
May 31 07:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2680]: Failed password for root from 103.15.222.183 port 47878 ssh2
May 31 07:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2680]: Connection closed by 103.15.222.183 port 47878 [preauth]
May 31 07:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Failed password for invalid user mongo from 191.5.31.61 port 48946 ssh2
May 31 07:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Received disconnect from 191.5.31.61 port 48946:11: Bye Bye [preauth]
May 31 07:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Disconnected from 191.5.31.61 port 48946 [preauth]
May 31 07:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: Failed password for invalid user pi from 176.65.132.22 port 37844 ssh2
May 31 07:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: Connection closed by 176.65.132.22 port 37844 [preauth]
May 31 07:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: Invalid user appuser from 176.65.132.22
May 31 07:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: input_userauth_request: invalid user appuser [preauth]
May 31 07:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: Invalid user talha from 103.176.20.115
May 31 07:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: input_userauth_request: invalid user talha [preauth]
May 31 07:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.115
May 31 07:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: Failed password for invalid user appuser from 176.65.132.22 port 53248 ssh2
May 31 07:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: Connection closed by 176.65.132.22 port 53248 [preauth]
May 31 07:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: Failed password for invalid user talha from 103.176.20.115 port 39812 ssh2
May 31 07:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: Received disconnect from 103.176.20.115 port 39812:11: Bye Bye [preauth]
May 31 07:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: Disconnected from 103.176.20.115 port 39812 [preauth]
May 31 07:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Invalid user portal from 176.65.132.22
May 31 07:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: input_userauth_request: invalid user portal [preauth]
May 31 07:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
May 31 07:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Failed password for invalid user portal from 176.65.132.22 port 53262 ssh2
May 31 07:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Connection closed by 176.65.132.22 port 53262 [preauth]
May 31 07:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2761]: Failed password for root from 103.149.28.157 port 46468 ssh2
May 31 07:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2761]: Connection closed by 103.149.28.157 port 46468 [preauth]
May 31 07:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: Invalid user dev from 176.65.132.22
May 31 07:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: input_userauth_request: invalid user dev [preauth]
May 31 07:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: Failed password for invalid user dev from 176.65.132.22 port 45958 ssh2
May 31 07:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: Connection closed by 176.65.132.22 port 45958 [preauth]
May 31 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: Invalid user teamspeak from 176.65.132.22
May 31 07:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: input_userauth_request: invalid user teamspeak [preauth]
May 31 07:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: Failed password for invalid user teamspeak from 176.65.132.22 port 45978 ssh2
May 31 07:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: Connection closed by 176.65.132.22 port 45978 [preauth]
May 31 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2797]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2796]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2794]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2794]: pam_unix(cron:session): session closed for user p13x
May 31 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2857]: Successful su for rubyman by root
May 31 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2857]: + ??? root:rubyman
May 31 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427947 of user rubyman.
May 31 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2857]: pam_unix(su:session): session closed for user rubyman
May 31 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427947.
May 31 07:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: Invalid user runner from 176.65.132.22
May 31 07:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: input_userauth_request: invalid user runner [preauth]
May 31 07:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32169]: pam_unix(cron:session): session closed for user root
May 31 07:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2795]: pam_unix(cron:session): session closed for user samftp
May 31 07:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: Failed password for invalid user runner from 176.65.132.22 port 47802 ssh2
May 31 07:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: Connection closed by 176.65.132.22 port 47802 [preauth]
May 31 07:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3039]: Invalid user pi from 176.65.132.22
May 31 07:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3039]: input_userauth_request: invalid user pi [preauth]
May 31 07:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3039]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3039]: Failed password for invalid user pi from 176.65.132.22 port 47810 ssh2
May 31 07:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3039]: Connection closed by 176.65.132.22 port 47810 [preauth]
May 31 07:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: Failed password for root from 176.65.132.22 port 32946 ssh2
May 31 07:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: Connection closed by 176.65.132.22 port 32946 [preauth]
May 31 07:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
May 31 07:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3041]: Failed password for root from 202.133.90.219 port 34902 ssh2
May 31 07:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3041]: Connection closed by 202.133.90.219 port 34902 [preauth]
May 31 07:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: Failed password for root from 87.251.79.125 port 55006 ssh2
May 31 07:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: Connection closed by 87.251.79.125 port 55006 [preauth]
May 31 07:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
May 31 07:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: Failed password for root from 176.65.132.22 port 32950 ssh2
May 31 07:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: Connection closed by 176.65.132.22 port 32950 [preauth]
May 31 07:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: Failed password for root from 185.156.73.233 port 56838 ssh2
May 31 07:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: Connection closed by 185.156.73.233 port 56838 [preauth]
May 31 07:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: Invalid user usuario from 176.65.132.22
May 31 07:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: input_userauth_request: invalid user usuario [preauth]
May 31 07:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: Failed password for invalid user usuario from 176.65.132.22 port 47800 ssh2
May 31 07:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: Connection closed by 176.65.132.22 port 47800 [preauth]
May 31 07:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: Invalid user postgres from 176.65.132.22
May 31 07:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: input_userauth_request: invalid user postgres [preauth]
May 31 07:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.115  user=root
May 31 07:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: Failed password for invalid user postgres from 176.65.132.22 port 47804 ssh2
May 31 07:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: Connection closed by 176.65.132.22 port 47804 [preauth]
May 31 07:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1791]: pam_unix(cron:session): session closed for user root
May 31 07:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3113]: Failed password for root from 103.176.20.115 port 54854 ssh2
May 31 07:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3113]: Received disconnect from 103.176.20.115 port 54854:11: Bye Bye [preauth]
May 31 07:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3113]: Disconnected from 103.176.20.115 port 54854 [preauth]
May 31 07:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3146]: Invalid user postgres from 176.65.132.22
May 31 07:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3146]: input_userauth_request: invalid user postgres [preauth]
May 31 07:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3146]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3146]: Failed password for invalid user postgres from 176.65.132.22 port 38068 ssh2
May 31 07:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3146]: Connection closed by 176.65.132.22 port 38068 [preauth]
May 31 07:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: Invalid user steam from 176.65.132.22
May 31 07:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: input_userauth_request: invalid user steam [preauth]
May 31 07:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: Failed password for invalid user steam from 176.65.132.22 port 38078 ssh2
May 31 07:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: Connection closed by 176.65.132.22 port 38078 [preauth]
May 31 07:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3178]: Invalid user student from 176.65.132.22
May 31 07:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3178]: input_userauth_request: invalid user student [preauth]
May 31 07:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3178]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3178]: Failed password for invalid user student from 176.65.132.22 port 50362 ssh2
May 31 07:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3178]: Connection closed by 176.65.132.22 port 50362 [preauth]
May 31 07:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Failed password for root from 176.65.132.22 port 55762 ssh2
May 31 07:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Connection closed by 176.65.132.22 port 55762 [preauth]
May 31 07:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Invalid user gd from 176.65.132.22
May 31 07:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: input_userauth_request: invalid user gd [preauth]
May 31 07:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Failed password for invalid user gd from 176.65.132.22 port 55774 ssh2
May 31 07:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Connection closed by 176.65.132.22 port 55774 [preauth]
May 31 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3214]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3212]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3210]: pam_unix(cron:session): session closed for user p13x
May 31 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3277]: Successful su for rubyman by root
May 31 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3277]: + ??? root:rubyman
May 31 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427949 of user rubyman.
May 31 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3277]: pam_unix(su:session): session closed for user rubyman
May 31 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427949.
May 31 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3336]: Invalid user gd from 176.65.132.22
May 31 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3336]: input_userauth_request: invalid user gd [preauth]
May 31 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3336]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32605]: pam_unix(cron:session): session closed for user root
May 31 07:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3211]: pam_unix(cron:session): session closed for user samftp
May 31 07:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3336]: Failed password for invalid user gd from 176.65.132.22 port 56366 ssh2
May 31 07:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3336]: Connection closed by 176.65.132.22 port 56366 [preauth]
May 31 07:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3457]: Invalid user www from 176.65.132.22
May 31 07:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3457]: input_userauth_request: invalid user www [preauth]
May 31 07:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3457]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3457]: Failed password for invalid user www from 176.65.132.22 port 56376 ssh2
May 31 07:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3457]: Connection closed by 176.65.132.22 port 56376 [preauth]
May 31 07:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3470]: Invalid user debian from 176.65.132.22
May 31 07:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3470]: input_userauth_request: invalid user debian [preauth]
May 31 07:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3470]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3470]: Failed password for invalid user debian from 176.65.132.22 port 41338 ssh2
May 31 07:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3470]: Connection closed by 176.65.132.22 port 41338 [preauth]
May 31 07:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: Invalid user debian from 176.65.132.22
May 31 07:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: input_userauth_request: invalid user debian [preauth]
May 31 07:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: Failed password for invalid user debian from 176.65.132.22 port 41344 ssh2
May 31 07:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.213.13  user=root
May 31 07:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: Connection closed by 176.65.132.22 port 41344 [preauth]
May 31 07:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: Failed password for root from 37.120.213.13 port 33410 ssh2
May 31 07:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: Connection closed by 37.120.213.13 port 33410 [preauth]
May 31 07:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: Invalid user henry from 103.176.20.115
May 31 07:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: input_userauth_request: invalid user henry [preauth]
May 31 07:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.115
May 31 07:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3507]: Invalid user ts3 from 176.65.132.22
May 31 07:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3507]: input_userauth_request: invalid user ts3 [preauth]
May 31 07:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3507]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: Failed password for invalid user henry from 103.176.20.115 port 41646 ssh2
May 31 07:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3507]: Failed password for invalid user ts3 from 176.65.132.22 port 45942 ssh2
May 31 07:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: Received disconnect from 103.176.20.115 port 41646:11: Bye Bye [preauth]
May 31 07:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: Disconnected from 103.176.20.115 port 41646 [preauth]
May 31 07:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3507]: Connection closed by 176.65.132.22 port 45942 [preauth]
May 31 07:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3531]: Invalid user ali from 176.65.132.22
May 31 07:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3531]: input_userauth_request: invalid user ali [preauth]
May 31 07:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3531]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3531]: Failed password for invalid user ali from 176.65.132.22 port 45952 ssh2
May 31 07:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3531]: Connection closed by 176.65.132.22 port 45952 [preauth]
May 31 07:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2337]: pam_unix(cron:session): session closed for user root
May 31 07:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: Invalid user ubuntu from 176.65.132.22
May 31 07:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: input_userauth_request: invalid user ubuntu [preauth]
May 31 07:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: Failed password for invalid user ubuntu from 176.65.132.22 port 55100 ssh2
May 31 07:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: Connection closed by 176.65.132.22 port 55100 [preauth]
May 31 07:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3579]: Invalid user sam from 176.65.132.22
May 31 07:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3579]: input_userauth_request: invalid user sam [preauth]
May 31 07:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3579]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3579]: Failed password for invalid user sam from 176.65.132.22 port 55104 ssh2
May 31 07:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3579]: Connection closed by 176.65.132.22 port 55104 [preauth]
May 31 07:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: Invalid user oracle from 191.5.31.61
May 31 07:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: input_userauth_request: invalid user oracle [preauth]
May 31 07:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.5.31.61
May 31 07:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3577]: Failed password for root from 202.133.90.219 port 56100 ssh2
May 31 07:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: Invalid user hu from 176.65.132.22
May 31 07:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: input_userauth_request: invalid user hu [preauth]
May 31 07:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3577]: Connection closed by 202.133.90.219 port 56100 [preauth]
May 31 07:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: Failed password for invalid user oracle from 191.5.31.61 port 42980 ssh2
May 31 07:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: Received disconnect from 191.5.31.61 port 42980:11: Bye Bye [preauth]
May 31 07:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: Disconnected from 191.5.31.61 port 42980 [preauth]
May 31 07:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: Failed password for invalid user hu from 176.65.132.22 port 49732 ssh2
May 31 07:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: Connection closed by 176.65.132.22 port 49732 [preauth]
May 31 07:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: Invalid user gabriel from 176.65.132.22
May 31 07:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: input_userauth_request: invalid user gabriel [preauth]
May 31 07:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: Failed password for invalid user gabriel from 176.65.132.22 port 49742 ssh2
May 31 07:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: Connection closed by 176.65.132.22 port 49742 [preauth]
May 31 07:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: Invalid user test from 176.65.132.22
May 31 07:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: input_userauth_request: invalid user test [preauth]
May 31 07:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: Failed password for invalid user test from 176.65.132.22 port 39184 ssh2
May 31 07:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: Connection closed by 176.65.132.22 port 39184 [preauth]
May 31 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3648]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3647]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3645]: pam_unix(cron:session): session closed for user p13x
May 31 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3801]: Successful su for rubyman by root
May 31 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3801]: + ??? root:rubyman
May 31 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3801]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427954 of user rubyman.
May 31 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3801]: pam_unix(su:session): session closed for user rubyman
May 31 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427954.
May 31 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Invalid user test from 176.65.132.22
May 31 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: input_userauth_request: invalid user test [preauth]
May 31 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[720]: pam_unix(cron:session): session closed for user root
May 31 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Failed password for invalid user test from 176.65.132.22 port 34636 ssh2
May 31 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Connection closed by 176.65.132.22 port 34636 [preauth]
May 31 07:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3646]: pam_unix(cron:session): session closed for user samftp
May 31 07:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: Invalid user student from 176.65.132.22
May 31 07:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: input_userauth_request: invalid user student [preauth]
May 31 07:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: Failed password for invalid user student from 176.65.132.22 port 34642 ssh2
May 31 07:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: Connection closed by 176.65.132.22 port 34642 [preauth]
May 31 07:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: Invalid user odoo17 from 176.65.132.22
May 31 07:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: input_userauth_request: invalid user odoo17 [preauth]
May 31 07:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: Failed password for invalid user odoo17 from 176.65.132.22 port 38760 ssh2
May 31 07:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: Connection closed by 176.65.132.22 port 38760 [preauth]
May 31 07:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4116]: Invalid user test_user from 103.176.20.115
May 31 07:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4116]: input_userauth_request: invalid user test_user [preauth]
May 31 07:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4116]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.115
May 31 07:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: User vncuser from 176.65.132.22 not allowed because not listed in AllowUsers
May 31 07:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: input_userauth_request: invalid user vncuser [preauth]
May 31 07:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=vncuser
May 31 07:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4116]: Failed password for invalid user test_user from 103.176.20.115 port 56668 ssh2
May 31 07:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: Failed password for invalid user vncuser from 176.65.132.22 port 38770 ssh2
May 31 07:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4116]: Received disconnect from 103.176.20.115 port 56668:11: Bye Bye [preauth]
May 31 07:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4116]: Disconnected from 103.176.20.115 port 56668 [preauth]
May 31 07:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: Connection closed by 176.65.132.22 port 38770 [preauth]
May 31 07:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: Invalid user node from 176.65.132.22
May 31 07:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: input_userauth_request: invalid user node [preauth]
May 31 07:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: Failed password for invalid user node from 176.65.132.22 port 39300 ssh2
May 31 07:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: Connection closed by 176.65.132.22 port 39300 [preauth]
May 31 07:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4152]: Invalid user onkar from 176.65.132.22
May 31 07:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4152]: input_userauth_request: invalid user onkar [preauth]
May 31 07:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4152]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4152]: Failed password for invalid user onkar from 176.65.132.22 port 39306 ssh2
May 31 07:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4152]: Connection closed by 176.65.132.22 port 39306 [preauth]
May 31 07:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2797]: pam_unix(cron:session): session closed for user root
May 31 07:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.17.234  user=root
May 31 07:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4162]: Failed password for root from 172.174.17.234 port 33422 ssh2
May 31 07:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4162]: Received disconnect from 172.174.17.234 port 33422:11: Bye Bye [preauth]
May 31 07:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4162]: Disconnected from 172.174.17.234 port 33422 [preauth]
May 31 07:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4187]: Invalid user grid from 176.65.132.22
May 31 07:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4187]: input_userauth_request: invalid user grid [preauth]
May 31 07:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4187]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4187]: Failed password for invalid user grid from 176.65.132.22 port 49742 ssh2
May 31 07:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4187]: Connection closed by 176.65.132.22 port 49742 [preauth]
May 31 07:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4198]: Invalid user mc from 176.65.132.22
May 31 07:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4198]: input_userauth_request: invalid user mc [preauth]
May 31 07:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4198]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4198]: Failed password for invalid user mc from 176.65.132.22 port 49750 ssh2
May 31 07:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4198]: Connection closed by 176.65.132.22 port 49750 [preauth]
May 31 07:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4223]: Failed password for root from 176.65.132.22 port 40058 ssh2
May 31 07:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4223]: Connection closed by 176.65.132.22 port 40058 [preauth]
May 31 07:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4236]: Invalid user postgres from 176.65.132.22
May 31 07:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4236]: input_userauth_request: invalid user postgres [preauth]
May 31 07:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4236]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4236]: Failed password for invalid user postgres from 176.65.132.22 port 40070 ssh2
May 31 07:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4236]: Connection closed by 176.65.132.22 port 40070 [preauth]
May 31 07:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4248]: Invalid user deploy from 176.65.132.22
May 31 07:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4248]: input_userauth_request: invalid user deploy [preauth]
May 31 07:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4248]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4248]: Failed password for invalid user deploy from 176.65.132.22 port 56862 ssh2
May 31 07:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4248]: Connection closed by 176.65.132.22 port 56862 [preauth]
May 31 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4268]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4267]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4266]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4269]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4269]: pam_unix(cron:session): session closed for user root
May 31 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4262]: pam_unix(cron:session): session closed for user p13x
May 31 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: Invalid user cloud from 176.65.132.22
May 31 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: input_userauth_request: invalid user cloud [preauth]
May 31 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4341]: Successful su for rubyman by root
May 31 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4341]: + ??? root:rubyman
May 31 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4341]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427957 of user rubyman.
May 31 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4341]: pam_unix(su:session): session closed for user rubyman
May 31 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427957.
May 31 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1204]: pam_unix(cron:session): session closed for user root
May 31 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4266]: pam_unix(cron:session): session closed for user root
May 31 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: Failed password for invalid user cloud from 176.65.132.22 port 47856 ssh2
May 31 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: Connection closed by 176.65.132.22 port 47856 [preauth]
May 31 07:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4264]: pam_unix(cron:session): session closed for user samftp
May 31 07:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Invalid user cloud from 176.65.132.22
May 31 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: input_userauth_request: invalid user cloud [preauth]
May 31 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: Invalid user rami from 103.176.20.115
May 31 07:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: input_userauth_request: invalid user rami [preauth]
May 31 07:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.115
May 31 07:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Failed password for invalid user cloud from 176.65.132.22 port 47876 ssh2
May 31 07:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Connection closed by 176.65.132.22 port 47876 [preauth]
May 31 07:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: Failed password for invalid user rami from 103.176.20.115 port 43460 ssh2
May 31 07:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: Received disconnect from 103.176.20.115 port 43460:11: Bye Bye [preauth]
May 31 07:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: Disconnected from 103.176.20.115 port 43460 [preauth]
May 31 07:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: Invalid user ftpuser from 176.65.132.22
May 31 07:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: input_userauth_request: invalid user ftpuser [preauth]
May 31 07:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: Failed password for root from 202.133.90.219 port 55806 ssh2
May 31 07:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: Failed password for invalid user ftpuser from 176.65.132.22 port 56584 ssh2
May 31 07:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: Connection closed by 176.65.132.22 port 56584 [preauth]
May 31 07:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: Connection closed by 202.133.90.219 port 55806 [preauth]
May 31 07:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: Invalid user labuser from 176.65.132.22
May 31 07:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: input_userauth_request: invalid user labuser [preauth]
May 31 07:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: Failed password for invalid user labuser from 176.65.132.22 port 56600 ssh2
May 31 07:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: Connection closed by 176.65.132.22 port 56600 [preauth]
May 31 07:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4593]: Invalid user ubuntu from 176.65.132.22
May 31 07:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4593]: input_userauth_request: invalid user ubuntu [preauth]
May 31 07:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4593]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4593]: Failed password for invalid user ubuntu from 176.65.132.22 port 42076 ssh2
May 31 07:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4593]: Connection closed by 176.65.132.22 port 42076 [preauth]
May 31 07:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Invalid user www from 176.65.132.22
May 31 07:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: input_userauth_request: invalid user www [preauth]
May 31 07:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Failed password for invalid user www from 176.65.132.22 port 42088 ssh2
May 31 07:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Connection closed by 176.65.132.22 port 42088 [preauth]
May 31 07:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3214]: pam_unix(cron:session): session closed for user root
May 31 07:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: Invalid user dev from 176.65.132.22
May 31 07:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: input_userauth_request: invalid user dev [preauth]
May 31 07:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: Failed password for invalid user dev from 176.65.132.22 port 54984 ssh2
May 31 07:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: Connection closed by 176.65.132.22 port 54984 [preauth]
May 31 07:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4659]: Invalid user dev from 176.65.132.22
May 31 07:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4659]: input_userauth_request: invalid user dev [preauth]
May 31 07:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4659]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4659]: Failed password for invalid user dev from 176.65.132.22 port 54990 ssh2
May 31 07:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4659]: Connection closed by 176.65.132.22 port 54990 [preauth]
May 31 07:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
May 31 07:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4670]: Failed password for root from 51.250.105.222 port 56240 ssh2
May 31 07:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4670]: Connection closed by 51.250.105.222 port 56240 [preauth]
May 31 07:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4688]: Failed password for root from 176.65.132.22 port 33708 ssh2
May 31 07:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4688]: Connection closed by 176.65.132.22 port 33708 [preauth]
May 31 07:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4698]: Failed password for root from 176.65.132.22 port 33718 ssh2
May 31 07:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4698]: Connection closed by 176.65.132.22 port 33718 [preauth]
May 31 07:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.5.31.61  user=root
May 31 07:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: Invalid user jack from 176.65.132.22
May 31 07:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: input_userauth_request: invalid user jack [preauth]
May 31 07:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: Failed password for root from 191.5.31.61 port 41222 ssh2
May 31 07:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: Received disconnect from 191.5.31.61 port 41222:11: Bye Bye [preauth]
May 31 07:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: Disconnected from 191.5.31.61 port 41222 [preauth]
May 31 07:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: Failed password for invalid user jack from 176.65.132.22 port 56020 ssh2
May 31 07:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: Connection closed by 176.65.132.22 port 56020 [preauth]
May 31 07:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: Invalid user ssa from 103.176.20.115
May 31 07:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: input_userauth_request: invalid user ssa [preauth]
May 31 07:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.115
May 31 07:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: Failed password for invalid user ssa from 103.176.20.115 port 58478 ssh2
May 31 07:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: Received disconnect from 103.176.20.115 port 58478:11: Bye Bye [preauth]
May 31 07:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: Disconnected from 103.176.20.115 port 58478 [preauth]
May 31 07:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: Invalid user vbox from 176.65.132.22
May 31 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: input_userauth_request: invalid user vbox [preauth]
May 31 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4727]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4728]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4725]: pam_unix(cron:session): session closed for user p13x
May 31 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4805]: Successful su for rubyman by root
May 31 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4805]: + ??? root:rubyman
May 31 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427963 of user rubyman.
May 31 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4805]: pam_unix(su:session): session closed for user rubyman
May 31 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427963.
May 31 07:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: Failed password for invalid user vbox from 176.65.132.22 port 36366 ssh2
May 31 07:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: Connection closed by 176.65.132.22 port 36366 [preauth]
May 31 07:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1790]: pam_unix(cron:session): session closed for user root
May 31 07:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4726]: pam_unix(cron:session): session closed for user samftp
May 31 07:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4994]: Invalid user rock from 176.65.132.22
May 31 07:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4994]: input_userauth_request: invalid user rock [preauth]
May 31 07:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4994]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.172.54.111  user=root
May 31 07:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4994]: Failed password for invalid user rock from 176.65.132.22 port 36380 ssh2
May 31 07:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4994]: Connection closed by 176.65.132.22 port 36380 [preauth]
May 31 07:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4996]: Failed password for root from 109.172.54.111 port 46872 ssh2
May 31 07:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4996]: Connection closed by 109.172.54.111 port 46872 [preauth]
May 31 07:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5006]: Failed password for root from 176.65.132.22 port 40866 ssh2
May 31 07:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5006]: Connection closed by 176.65.132.22 port 40866 [preauth]
May 31 07:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5028]: Failed password for root from 176.65.132.22 port 40878 ssh2
May 31 07:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5028]: Connection closed by 176.65.132.22 port 40878 [preauth]
May 31 07:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: Invalid user git from 176.65.132.22
May 31 07:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: input_userauth_request: invalid user git [preauth]
May 31 07:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: Failed password for invalid user git from 176.65.132.22 port 50180 ssh2
May 31 07:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: Connection closed by 176.65.132.22 port 50180 [preauth]
May 31 07:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: Failed password for root from 176.65.132.22 port 50190 ssh2
May 31 07:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: Connection closed by 176.65.132.22 port 50190 [preauth]
May 31 07:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3648]: pam_unix(cron:session): session closed for user root
May 31 07:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: Failed password for root from 176.65.132.22 port 38552 ssh2
May 31 07:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: Connection closed by 176.65.132.22 port 38552 [preauth]
May 31 07:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5111]: Invalid user gateway from 176.65.132.22
May 31 07:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5111]: input_userauth_request: invalid user gateway [preauth]
May 31 07:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5111]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: Failed password for root from 202.133.90.219 port 49404 ssh2
May 31 07:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5111]: Failed password for invalid user gateway from 176.65.132.22 port 38568 ssh2
May 31 07:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5111]: Connection closed by 176.65.132.22 port 38568 [preauth]
May 31 07:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: Connection closed by 202.133.90.219 port 49404 [preauth]
May 31 07:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5133]: Invalid user ubuntu from 176.65.132.22
May 31 07:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5133]: input_userauth_request: invalid user ubuntu [preauth]
May 31 07:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5133]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5133]: Failed password for invalid user ubuntu from 176.65.132.22 port 57112 ssh2
May 31 07:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5133]: Connection closed by 176.65.132.22 port 57112 [preauth]
May 31 07:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: Invalid user csgoserver from 103.176.20.115
May 31 07:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: input_userauth_request: invalid user csgoserver [preauth]
May 31 07:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.115
May 31 07:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
May 31 07:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: Failed password for invalid user csgoserver from 103.176.20.115 port 45268 ssh2
May 31 07:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: Received disconnect from 103.176.20.115 port 45268:11: Bye Bye [preauth]
May 31 07:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: Disconnected from 103.176.20.115 port 45268 [preauth]
May 31 07:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: Invalid user user from 176.65.132.22
May 31 07:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: input_userauth_request: invalid user user [preauth]
May 31 07:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: Failed password for root from 194.113.233.25 port 45806 ssh2
May 31 07:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: Connection closed by 194.113.233.25 port 45806 [preauth]
May 31 07:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: Failed password for invalid user user from 176.65.132.22 port 34110 ssh2
May 31 07:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: Connection closed by 176.65.132.22 port 34110 [preauth]
May 31 07:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5164]: Failed password for root from 176.65.132.22 port 34124 ssh2
May 31 07:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5164]: Connection closed by 176.65.132.22 port 34124 [preauth]
May 31 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5178]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5177]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5175]: pam_unix(cron:session): session closed for user p13x
May 31 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5233]: Successful su for rubyman by root
May 31 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5233]: + ??? root:rubyman
May 31 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427967 of user rubyman.
May 31 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5233]: pam_unix(su:session): session closed for user rubyman
May 31 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427967.
May 31 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2336]: pam_unix(cron:session): session closed for user root
May 31 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5391]: Invalid user deploy from 176.65.132.22
May 31 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5391]: input_userauth_request: invalid user deploy [preauth]
May 31 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5391]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5176]: pam_unix(cron:session): session closed for user samftp
May 31 07:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5391]: Failed password for invalid user deploy from 176.65.132.22 port 49958 ssh2
May 31 07:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5391]: Connection closed by 176.65.132.22 port 49958 [preauth]
May 31 07:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Failed password for root from 176.65.132.22 port 49970 ssh2
May 31 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Connection closed by 176.65.132.22 port 49970 [preauth]
May 31 07:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5450]: Invalid user trader from 176.65.132.22
May 31 07:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5450]: input_userauth_request: invalid user trader [preauth]
May 31 07:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5450]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5450]: Failed password for invalid user trader from 176.65.132.22 port 48766 ssh2
May 31 07:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5450]: Connection closed by 176.65.132.22 port 48766 [preauth]
May 31 07:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5469]: Invalid user sysupdate from 176.65.132.22
May 31 07:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5469]: input_userauth_request: invalid user sysupdate [preauth]
May 31 07:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5469]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5469]: Failed password for invalid user sysupdate from 176.65.132.22 port 44824 ssh2
May 31 07:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5469]: Connection closed by 176.65.132.22 port 44824 [preauth]
May 31 07:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: Invalid user dolphinscheduler from 176.65.132.22
May 31 07:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: input_userauth_request: invalid user dolphinscheduler [preauth]
May 31 07:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: Failed password for invalid user dolphinscheduler from 176.65.132.22 port 44828 ssh2
May 31 07:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: Connection closed by 176.65.132.22 port 44828 [preauth]
May 31 07:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: Invalid user username from 176.65.132.22
May 31 07:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: input_userauth_request: invalid user username [preauth]
May 31 07:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4268]: pam_unix(cron:session): session closed for user root
May 31 07:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: Failed password for invalid user username from 176.65.132.22 port 41350 ssh2
May 31 07:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: Connection closed by 176.65.132.22 port 41350 [preauth]
May 31 07:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5532]: Invalid user minecraft from 176.65.132.22
May 31 07:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5532]: input_userauth_request: invalid user minecraft [preauth]
May 31 07:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5532]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.115  user=root
May 31 07:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5532]: Failed password for invalid user minecraft from 176.65.132.22 port 41364 ssh2
May 31 07:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5532]: Connection closed by 176.65.132.22 port 41364 [preauth]
May 31 07:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: Failed password for root from 103.176.20.115 port 60306 ssh2
May 31 07:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: Received disconnect from 103.176.20.115 port 60306:11: Bye Bye [preauth]
May 31 07:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: Disconnected from 103.176.20.115 port 60306 [preauth]
May 31 07:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5557]: Failed password for root from 176.65.132.22 port 58310 ssh2
May 31 07:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5557]: Connection closed by 176.65.132.22 port 58310 [preauth]
May 31 07:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.17.234  user=root
May 31 07:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: Failed password for root from 172.174.17.234 port 53370 ssh2
May 31 07:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: Received disconnect from 172.174.17.234 port 53370:11: Bye Bye [preauth]
May 31 07:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: Disconnected from 172.174.17.234 port 53370 [preauth]
May 31 07:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: Invalid user nexus from 176.65.132.22
May 31 07:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: input_userauth_request: invalid user nexus [preauth]
May 31 07:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: Failed password for invalid user nexus from 176.65.132.22 port 45284 ssh2
May 31 07:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: Connection closed by 176.65.132.22 port 45284 [preauth]
May 31 07:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: Failed password for root from 176.65.132.22 port 45292 ssh2
May 31 07:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: Connection closed by 176.65.132.22 port 45292 [preauth]
May 31 07:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5599]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5597]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5598]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5596]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5596]: pam_unix(cron:session): session closed for user p13x
May 31 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5655]: Successful su for rubyman by root
May 31 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5655]: + ??? root:rubyman
May 31 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427971 of user rubyman.
May 31 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5655]: pam_unix(su:session): session closed for user rubyman
May 31 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427971.
May 31 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.5.31.61  user=root
May 31 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5733]: Invalid user dev from 176.65.132.22
May 31 07:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5733]: input_userauth_request: invalid user dev [preauth]
May 31 07:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5733]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2796]: pam_unix(cron:session): session closed for user root
May 31 07:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: Failed password for root from 191.5.31.61 port 59392 ssh2
May 31 07:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: Received disconnect from 191.5.31.61 port 59392:11: Bye Bye [preauth]
May 31 07:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: Disconnected from 191.5.31.61 port 59392 [preauth]
May 31 07:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5733]: Failed password for invalid user dev from 176.65.132.22 port 38310 ssh2
May 31 07:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5597]: pam_unix(cron:session): session closed for user samftp
May 31 07:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5733]: Connection closed by 176.65.132.22 port 38310 [preauth]
May 31 07:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: Failed password for root from 202.133.90.219 port 52430 ssh2
May 31 07:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5839]: Invalid user openclaw from 176.65.132.22
May 31 07:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5839]: input_userauth_request: invalid user openclaw [preauth]
May 31 07:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5839]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: Connection closed by 202.133.90.219 port 52430 [preauth]
May 31 07:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5839]: Failed password for invalid user openclaw from 176.65.132.22 port 38322 ssh2
May 31 07:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5839]: Connection closed by 176.65.132.22 port 38322 [preauth]
May 31 07:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5864]: Invalid user tester from 176.65.132.22
May 31 07:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5864]: input_userauth_request: invalid user tester [preauth]
May 31 07:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5864]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5864]: Failed password for invalid user tester from 176.65.132.22 port 51578 ssh2
May 31 07:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5864]: Connection closed by 176.65.132.22 port 51578 [preauth]
May 31 07:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: Failed password for root from 176.65.132.22 port 51586 ssh2
May 31 07:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: Connection closed by 176.65.132.22 port 51586 [preauth]
May 31 07:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5896]: Invalid user lighthouse from 176.65.132.22
May 31 07:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5896]: input_userauth_request: invalid user lighthouse [preauth]
May 31 07:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5896]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5896]: Failed password for invalid user lighthouse from 176.65.132.22 port 46596 ssh2
May 31 07:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5896]: Connection closed by 176.65.132.22 port 46596 [preauth]
May 31 07:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4728]: pam_unix(cron:session): session closed for user root
May 31 07:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5907]: Failed password for root from 176.65.132.22 port 39644 ssh2
May 31 07:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5907]: Connection closed by 176.65.132.22 port 39644 [preauth]
May 31 07:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Failed password for root from 176.65.132.22 port 39658 ssh2
May 31 07:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Connection closed by 176.65.132.22 port 39658 [preauth]
May 31 07:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5953]: Failed password for root from 176.65.132.22 port 58226 ssh2
May 31 07:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5953]: Connection closed by 176.65.132.22 port 58226 [preauth]
May 31 07:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Invalid user deploy from 176.65.132.22
May 31 07:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: input_userauth_request: invalid user deploy [preauth]
May 31 07:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Failed password for invalid user deploy from 176.65.132.22 port 58234 ssh2
May 31 07:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Connection closed by 176.65.132.22 port 58234 [preauth]
May 31 07:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: Invalid user ts3 from 176.65.132.22
May 31 07:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: input_userauth_request: invalid user ts3 [preauth]
May 31 07:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: Failed password for invalid user ts3 from 176.65.132.22 port 42176 ssh2
May 31 07:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: Connection closed by 176.65.132.22 port 42176 [preauth]
May 31 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6003]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6004]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5999]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6001]: pam_unix(cron:session): session closed for user p13x
May 31 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6108]: Successful su for rubyman by root
May 31 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6108]: + ??? root:rubyman
May 31 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427975 of user rubyman.
May 31 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6108]: pam_unix(su:session): session closed for user rubyman
May 31 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427975.
May 31 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: Invalid user amin from 176.65.132.22
May 31 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: input_userauth_request: invalid user amin [preauth]
May 31 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5999]: pam_unix(cron:session): session closed for user root
May 31 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3212]: pam_unix(cron:session): session closed for user root
May 31 07:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: Failed password for invalid user amin from 176.65.132.22 port 39428 ssh2
May 31 07:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: Connection closed by 176.65.132.22 port 39428 [preauth]
May 31 07:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6002]: pam_unix(cron:session): session closed for user samftp
May 31 07:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: Invalid user runner from 176.65.132.22
May 31 07:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: input_userauth_request: invalid user runner [preauth]
May 31 07:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: Failed password for invalid user runner from 176.65.132.22 port 39436 ssh2
May 31 07:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: Connection closed by 176.65.132.22 port 39436 [preauth]
May 31 07:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: Invalid user claude from 176.65.132.22
May 31 07:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: input_userauth_request: invalid user claude [preauth]
May 31 07:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: Failed password for invalid user claude from 176.65.132.22 port 45158 ssh2
May 31 07:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: Connection closed by 176.65.132.22 port 45158 [preauth]
May 31 07:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: Invalid user tester from 176.65.132.22
May 31 07:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: input_userauth_request: invalid user tester [preauth]
May 31 07:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
May 31 07:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: Failed password for root from 62.133.62.83 port 37196 ssh2
May 31 07:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: Failed password for invalid user tester from 176.65.132.22 port 45174 ssh2
May 31 07:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: Connection closed by 62.133.62.83 port 37196 [preauth]
May 31 07:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: Connection closed by 176.65.132.22 port 45174 [preauth]
May 31 07:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: Invalid user developer from 176.65.132.22
May 31 07:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: input_userauth_request: invalid user developer [preauth]
May 31 07:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: Failed password for invalid user developer from 176.65.132.22 port 43552 ssh2
May 31 07:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: Connection closed by 176.65.132.22 port 43552 [preauth]
May 31 07:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Invalid user oracle from 176.65.132.22
May 31 07:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: input_userauth_request: invalid user oracle [preauth]
May 31 07:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5178]: pam_unix(cron:session): session closed for user root
May 31 07:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Failed password for invalid user oracle from 176.65.132.22 port 52380 ssh2
May 31 07:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Connection closed by 176.65.132.22 port 52380 [preauth]
May 31 07:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.115  user=root
May 31 07:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: Failed password for root from 202.133.90.219 port 46852 ssh2
May 31 07:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: Failed password for root from 103.176.20.115 port 47196 ssh2
May 31 07:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: Received disconnect from 103.176.20.115 port 47196:11: Bye Bye [preauth]
May 31 07:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: Disconnected from 103.176.20.115 port 47196 [preauth]
May 31 07:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: Connection closed by 202.133.90.219 port 46852 [preauth]
May 31 07:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Failed password for root from 176.65.132.22 port 52400 ssh2
May 31 07:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Connection closed by 176.65.132.22 port 52400 [preauth]
May 31 07:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Invalid user minecraft from 176.65.132.22
May 31 07:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: input_userauth_request: invalid user minecraft [preauth]
May 31 07:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Failed password for invalid user minecraft from 176.65.132.22 port 49122 ssh2
May 31 07:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Connection closed by 176.65.132.22 port 49122 [preauth]
May 31 07:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6473]: Invalid user wso2 from 176.65.132.22
May 31 07:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6473]: input_userauth_request: invalid user wso2 [preauth]
May 31 07:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6473]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6473]: Failed password for invalid user wso2 from 176.65.132.22 port 49136 ssh2
May 31 07:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6473]: Connection closed by 176.65.132.22 port 49136 [preauth]
May 31 07:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Invalid user ts3 from 176.65.132.22
May 31 07:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: input_userauth_request: invalid user ts3 [preauth]
May 31 07:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Failed password for invalid user ts3 from 176.65.132.22 port 37606 ssh2
May 31 07:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Connection closed by 176.65.132.22 port 37606 [preauth]
May 31 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6502]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6503]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6499]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6504]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6504]: pam_unix(cron:session): session closed for user root
May 31 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6497]: pam_unix(cron:session): session closed for user p13x
May 31 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6566]: Successful su for rubyman by root
May 31 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6566]: + ??? root:rubyman
May 31 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6494]: Invalid user claude from 176.65.132.22
May 31 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6494]: input_userauth_request: invalid user claude [preauth]
May 31 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427982 of user rubyman.
May 31 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6566]: pam_unix(su:session): session closed for user rubyman
May 31 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427982.
May 31 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6494]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6499]: pam_unix(cron:session): session closed for user root
May 31 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3647]: pam_unix(cron:session): session closed for user root
May 31 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6494]: Failed password for invalid user claude from 176.65.132.22 port 56162 ssh2
May 31 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6494]: Connection closed by 176.65.132.22 port 56162 [preauth]
May 31 07:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6498]: pam_unix(cron:session): session closed for user samftp
May 31 07:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: Failed password for root from 176.65.132.22 port 56176 ssh2
May 31 07:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: Connection closed by 176.65.132.22 port 56176 [preauth]
May 31 07:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: Invalid user rajvir from 176.65.132.22
May 31 07:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: input_userauth_request: invalid user rajvir [preauth]
May 31 07:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: Invalid user git from 191.5.31.61
May 31 07:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: input_userauth_request: invalid user git [preauth]
May 31 07:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.5.31.61
May 31 07:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: Failed password for invalid user rajvir from 176.65.132.22 port 56748 ssh2
May 31 07:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: Connection closed by 176.65.132.22 port 56748 [preauth]
May 31 07:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: Failed password for invalid user git from 191.5.31.61 port 37938 ssh2
May 31 07:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: Received disconnect from 191.5.31.61 port 37938:11: Bye Bye [preauth]
May 31 07:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: Disconnected from 191.5.31.61 port 37938 [preauth]
May 31 07:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: Invalid user sam from 176.65.132.22
May 31 07:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: input_userauth_request: invalid user sam [preauth]
May 31 07:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: Failed password for invalid user sam from 176.65.132.22 port 56764 ssh2
May 31 07:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: Connection closed by 176.65.132.22 port 56764 [preauth]
May 31 07:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Invalid user sam from 176.65.132.22
May 31 07:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: input_userauth_request: invalid user sam [preauth]
May 31 07:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Failed password for invalid user sam from 176.65.132.22 port 37226 ssh2
May 31 07:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Connection closed by 176.65.132.22 port 37226 [preauth]
May 31 07:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: Invalid user plex from 176.65.132.22
May 31 07:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: input_userauth_request: invalid user plex [preauth]
May 31 07:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5599]: pam_unix(cron:session): session closed for user root
May 31 07:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: Failed password for invalid user plex from 176.65.132.22 port 33180 ssh2
May 31 07:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: Connection closed by 176.65.132.22 port 33180 [preauth]
May 31 07:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: Invalid user devops from 176.65.132.22
May 31 07:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: input_userauth_request: invalid user devops [preauth]
May 31 07:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: Failed password for invalid user devops from 176.65.132.22 port 33188 ssh2
May 31 07:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: Connection closed by 176.65.132.22 port 33188 [preauth]
May 31 07:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6921]: Invalid user ansible from 176.65.132.22
May 31 07:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6921]: input_userauth_request: invalid user ansible [preauth]
May 31 07:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6921]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6921]: Failed password for invalid user ansible from 176.65.132.22 port 42162 ssh2
May 31 07:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6921]: Connection closed by 176.65.132.22 port 42162 [preauth]
May 31 07:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: Invalid user postgres from 176.65.132.22
May 31 07:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: input_userauth_request: invalid user postgres [preauth]
May 31 07:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: Failed password for invalid user postgres from 176.65.132.22 port 42172 ssh2
May 31 07:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: Connection closed by 176.65.132.22 port 42172 [preauth]
May 31 07:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: Failed password for root from 176.65.132.22 port 41226 ssh2
May 31 07:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: Connection closed by 176.65.132.22 port 41226 [preauth]
May 31 07:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6971]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6968]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6966]: pam_unix(cron:session): session closed for user p13x
May 31 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7120]: Successful su for rubyman by root
May 31 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7120]: + ??? root:rubyman
May 31 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427986 of user rubyman.
May 31 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7120]: pam_unix(su:session): session closed for user rubyman
May 31 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427986.
May 31 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7143]: Invalid user oracle from 176.65.132.22
May 31 07:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7143]: input_userauth_request: invalid user oracle [preauth]
May 31 07:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7143]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4267]: pam_unix(cron:session): session closed for user root
May 31 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7143]: Failed password for invalid user oracle from 176.65.132.22 port 47108 ssh2
May 31 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7143]: Connection closed by 176.65.132.22 port 47108 [preauth]
May 31 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6967]: pam_unix(cron:session): session closed for user samftp
May 31 07:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6964]: Failed password for root from 202.133.90.219 port 48786 ssh2
May 31 07:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6964]: Connection closed by 202.133.90.219 port 48786 [preauth]
May 31 07:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: Invalid user teamspeak from 176.65.132.22
May 31 07:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: input_userauth_request: invalid user teamspeak [preauth]
May 31 07:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: Failed password for invalid user teamspeak from 176.65.132.22 port 47118 ssh2
May 31 07:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: Connection closed by 176.65.132.22 port 47118 [preauth]
May 31 07:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: Invalid user mas from 172.174.17.234
May 31 07:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: input_userauth_request: invalid user mas [preauth]
May 31 07:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.17.234
May 31 07:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: Invalid user debian from 176.65.132.22
May 31 07:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: input_userauth_request: invalid user debian [preauth]
May 31 07:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: Did not receive identification string from 171.211.125.105
May 31 07:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: Failed password for invalid user debian from 176.65.132.22 port 35768 ssh2
May 31 07:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: Connection closed by 176.65.132.22 port 35768 [preauth]
May 31 07:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: Failed password for invalid user mas from 172.174.17.234 port 55832 ssh2
May 31 07:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: Received disconnect from 172.174.17.234 port 55832:11: Bye Bye [preauth]
May 31 07:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: Disconnected from 172.174.17.234 port 55832 [preauth]
May 31 07:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7348]: Invalid user user1 from 176.65.132.22
May 31 07:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7348]: input_userauth_request: invalid user user1 [preauth]
May 31 07:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7348]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7348]: Failed password for invalid user user1 from 176.65.132.22 port 35784 ssh2
May 31 07:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7348]: Connection closed by 176.65.132.22 port 35784 [preauth]
May 31 07:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: Invalid user dev from 176.65.132.22
May 31 07:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: input_userauth_request: invalid user dev [preauth]
May 31 07:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: Failed password for invalid user dev from 176.65.132.22 port 55028 ssh2
May 31 07:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: Connection closed by 176.65.132.22 port 55028 [preauth]
May 31 07:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6004]: pam_unix(cron:session): session closed for user root
May 31 07:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: Failed password for root from 176.65.132.22 port 39666 ssh2
May 31 07:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: Connection closed by 176.65.132.22 port 39666 [preauth]
May 31 07:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: Invalid user bot from 176.65.132.22
May 31 07:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: input_userauth_request: invalid user bot [preauth]
May 31 07:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: Failed password for invalid user bot from 176.65.132.22 port 39678 ssh2
May 31 07:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: Connection closed by 176.65.132.22 port 39678 [preauth]
May 31 07:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7435]: Invalid user claude from 176.65.132.22
May 31 07:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7435]: input_userauth_request: invalid user claude [preauth]
May 31 07:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7435]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7435]: Failed password for invalid user claude from 176.65.132.22 port 39512 ssh2
May 31 07:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7435]: Connection closed by 176.65.132.22 port 39512 [preauth]
May 31 07:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: Failed password for root from 176.65.132.22 port 39522 ssh2
May 31 07:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: Connection closed by 176.65.132.22 port 39522 [preauth]
May 31 07:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7468]: Invalid user webuser from 176.65.132.22
May 31 07:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7468]: input_userauth_request: invalid user webuser [preauth]
May 31 07:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7468]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7468]: Failed password for invalid user webuser from 176.65.132.22 port 56216 ssh2
May 31 07:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7468]: Connection closed by 176.65.132.22 port 56216 [preauth]
May 31 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7482]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7481]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7479]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7479]: pam_unix(cron:session): session closed for user p13x
May 31 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7542]: Successful su for rubyman by root
May 31 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7542]: + ??? root:rubyman
May 31 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427990 of user rubyman.
May 31 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7542]: pam_unix(su:session): session closed for user rubyman
May 31 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427990.
May 31 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4727]: pam_unix(cron:session): session closed for user root
May 31 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: Failed password for root from 176.65.132.22 port 46952 ssh2
May 31 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: Connection closed by 176.65.132.22 port 46952 [preauth]
May 31 07:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7480]: pam_unix(cron:session): session closed for user samftp
May 31 07:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: Invalid user student from 176.65.132.22
May 31 07:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: input_userauth_request: invalid user student [preauth]
May 31 07:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: Failed password for invalid user student from 176.65.132.22 port 46966 ssh2
May 31 07:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: Connection closed by 176.65.132.22 port 46966 [preauth]
May 31 07:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: Invalid user openclaw from 176.65.132.22
May 31 07:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: input_userauth_request: invalid user openclaw [preauth]
May 31 07:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: Failed password for invalid user openclaw from 176.65.132.22 port 52658 ssh2
May 31 07:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: Connection closed by 176.65.132.22 port 52658 [preauth]
May 31 07:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Invalid user gary from 176.65.132.22
May 31 07:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: input_userauth_request: invalid user gary [preauth]
May 31 07:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Failed password for invalid user gary from 176.65.132.22 port 52670 ssh2
May 31 07:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Connection closed by 176.65.132.22 port 52670 [preauth]
May 31 07:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: Invalid user vpn from 191.5.31.61
May 31 07:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: input_userauth_request: invalid user vpn [preauth]
May 31 07:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.5.31.61
May 31 07:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: Failed password for invalid user vpn from 191.5.31.61 port 40834 ssh2
May 31 07:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: Received disconnect from 191.5.31.61 port 40834:11: Bye Bye [preauth]
May 31 07:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: Disconnected from 191.5.31.61 port 40834 [preauth]
May 31 07:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: Invalid user steam from 176.65.132.22
May 31 07:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: input_userauth_request: invalid user steam [preauth]
May 31 07:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: Failed password for invalid user steam from 176.65.132.22 port 39066 ssh2
May 31 07:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: Connection closed by 176.65.132.22 port 39066 [preauth]
May 31 07:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6503]: pam_unix(cron:session): session closed for user root
May 31 07:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7901]: Failed password for root from 176.65.132.22 port 38254 ssh2
May 31 07:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7901]: Connection closed by 176.65.132.22 port 38254 [preauth]
May 31 07:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7880]: Failed password for root from 202.133.90.219 port 32966 ssh2
May 31 07:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7880]: Connection closed by 202.133.90.219 port 32966 [preauth]
May 31 07:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
May 31 07:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7932]: Received disconnect from 89.163.206.178 port 53246:11: disconnected by user [preauth]
May 31 07:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7932]: Disconnected from 89.163.206.178 port 53246 [preauth]
May 31 07:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: Failed password for root from 176.65.132.22 port 38256 ssh2
May 31 07:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: Connection closed by 176.65.132.22 port 38256 [preauth]
May 31 07:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7934]: Failed password for root from 46.19.67.181 port 42566 ssh2
May 31 07:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7934]: Connection closed by 46.19.67.181 port 42566 [preauth]
May 31 07:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: Invalid user pi from 176.65.132.22
May 31 07:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: input_userauth_request: invalid user pi [preauth]
May 31 07:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: Failed password for invalid user pi from 176.65.132.22 port 32892 ssh2
May 31 07:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: Connection closed by 176.65.132.22 port 32892 [preauth]
May 31 07:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: Received disconnect from 186.190.215.90 port 9530:11: disconnected by user [preauth]
May 31 07:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: Disconnected from 186.190.215.90 port 9530 [preauth]
May 31 07:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: Invalid user monitor from 176.65.132.22
May 31 07:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: input_userauth_request: invalid user monitor [preauth]
May 31 07:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: Failed password for invalid user monitor from 176.65.132.22 port 55946 ssh2
May 31 07:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: Connection closed by 176.65.132.22 port 55946 [preauth]
May 31 07:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: Failed password for root from 176.65.132.22 port 55960 ssh2
May 31 07:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: Connection closed by 176.65.132.22 port 55960 [preauth]
May 31 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7996]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7997]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7994]: pam_unix(cron:session): session closed for user p13x
May 31 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8056]: Successful su for rubyman by root
May 31 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8056]: + ??? root:rubyman
May 31 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427994 of user rubyman.
May 31 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8056]: pam_unix(su:session): session closed for user rubyman
May 31 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427994.
May 31 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May 31 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7979]: Failed password for root from 80.94.95.115 port 54516 ssh2
May 31 07:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8120]: Invalid user admin from 176.65.132.22
May 31 07:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8120]: input_userauth_request: invalid user admin [preauth]
May 31 07:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8120]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7979]: Connection closed by 80.94.95.115 port 54516 [preauth]
May 31 07:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5177]: pam_unix(cron:session): session closed for user root
May 31 07:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8120]: Failed password for invalid user admin from 176.65.132.22 port 54660 ssh2
May 31 07:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8120]: Connection closed by 176.65.132.22 port 54660 [preauth]
May 31 07:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7995]: pam_unix(cron:session): session closed for user samftp
May 31 07:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Invalid user oscar from 176.65.132.22
May 31 07:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: input_userauth_request: invalid user oscar [preauth]
May 31 07:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Failed password for invalid user oscar from 176.65.132.22 port 54670 ssh2
May 31 07:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Connection closed by 176.65.132.22 port 54670 [preauth]
May 31 07:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: Failed password for root from 176.65.132.22 port 47992 ssh2
May 31 07:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: Connection closed by 176.65.132.22 port 47992 [preauth]
May 31 07:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: Invalid user jenkins from 176.65.132.22
May 31 07:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: input_userauth_request: invalid user jenkins [preauth]
May 31 07:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: Failed password for invalid user jenkins from 176.65.132.22 port 48008 ssh2
May 31 07:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: Connection closed by 176.65.132.22 port 48008 [preauth]
May 31 07:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
May 31 07:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: Failed password for root from 80.66.85.226 port 48822 ssh2
May 31 07:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: Connection closed by 80.66.85.226 port 48822 [preauth]
May 31 07:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8303]: Failed password for root from 176.65.132.22 port 41908 ssh2
May 31 07:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8303]: Connection closed by 176.65.132.22 port 41908 [preauth]
May 31 07:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: Failed password for root from 176.65.132.22 port 53252 ssh2
May 31 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: Connection closed by 176.65.132.22 port 53252 [preauth]
May 31 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6971]: pam_unix(cron:session): session closed for user root
May 31 07:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: Invalid user postgres from 176.65.132.22
May 31 07:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: input_userauth_request: invalid user postgres [preauth]
May 31 07:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: Failed password for invalid user postgres from 176.65.132.22 port 53256 ssh2
May 31 07:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: Connection closed by 176.65.132.22 port 53256 [preauth]
May 31 07:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8355]: Failed password for root from 176.65.132.22 port 37786 ssh2
May 31 07:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8355]: Connection closed by 176.65.132.22 port 37786 [preauth]
May 31 07:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Failed password for root from 176.65.132.22 port 37798 ssh2
May 31 07:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Connection closed by 176.65.132.22 port 37798 [preauth]
May 31 07:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: Failed password for root from 176.65.132.22 port 57848 ssh2
May 31 07:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: Connection closed by 176.65.132.22 port 57848 [preauth]
May 31 07:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8401]: Invalid user vagrant from 176.65.132.22
May 31 07:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8401]: input_userauth_request: invalid user vagrant [preauth]
May 31 07:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8401]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8415]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8414]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8412]: pam_unix(cron:session): session closed for user p13x
May 31 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8474]: Successful su for rubyman by root
May 31 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8474]: + ??? root:rubyman
May 31 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 427999 of user rubyman.
May 31 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8474]: pam_unix(su:session): session closed for user rubyman
May 31 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 427999.
May 31 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8401]: Failed password for invalid user vagrant from 176.65.132.22 port 57862 ssh2
May 31 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8401]: Connection closed by 176.65.132.22 port 57862 [preauth]
May 31 07:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5598]: pam_unix(cron:session): session closed for user root
May 31 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8413]: pam_unix(cron:session): session closed for user samftp
May 31 07:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: Invalid user martin from 176.65.132.22
May 31 07:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: input_userauth_request: invalid user martin [preauth]
May 31 07:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: Failed password for invalid user martin from 176.65.132.22 port 40710 ssh2
May 31 07:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: Connection closed by 176.65.132.22 port 40710 [preauth]
May 31 07:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8627]: Failed password for root from 202.133.90.219 port 55168 ssh2
May 31 07:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8662]: Failed password for root from 176.65.132.22 port 55208 ssh2
May 31 07:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8662]: Connection closed by 176.65.132.22 port 55208 [preauth]
May 31 07:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8627]: Connection closed by 202.133.90.219 port 55168 [preauth]
May 31 07:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: Invalid user david from 176.65.132.22
May 31 07:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: input_userauth_request: invalid user david [preauth]
May 31 07:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: Failed password for invalid user david from 176.65.132.22 port 55230 ssh2
May 31 07:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: Connection closed by 176.65.132.22 port 55230 [preauth]
May 31 07:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8694]: Invalid user zahra from 176.65.132.22
May 31 07:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8694]: input_userauth_request: invalid user zahra [preauth]
May 31 07:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8694]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8694]: Failed password for invalid user zahra from 176.65.132.22 port 44068 ssh2
May 31 07:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8694]: Connection closed by 176.65.132.22 port 44068 [preauth]
May 31 07:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: Invalid user tester from 172.174.17.234
May 31 07:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: input_userauth_request: invalid user tester [preauth]
May 31 07:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.17.234
May 31 07:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Invalid user guest from 176.65.132.22
May 31 07:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: input_userauth_request: invalid user guest [preauth]
May 31 07:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: Failed password for invalid user tester from 172.174.17.234 port 38336 ssh2
May 31 07:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: Received disconnect from 172.174.17.234 port 38336:11: Bye Bye [preauth]
May 31 07:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: Disconnected from 172.174.17.234 port 38336 [preauth]
May 31 07:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Failed password for invalid user guest from 176.65.132.22 port 44076 ssh2
May 31 07:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Connection closed by 176.65.132.22 port 44076 [preauth]
May 31 07:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.5.31.61  user=root
May 31 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7482]: pam_unix(cron:session): session closed for user root
May 31 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: Failed password for root from 191.5.31.61 port 44664 ssh2
May 31 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: Received disconnect from 191.5.31.61 port 44664:11: Bye Bye [preauth]
May 31 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: Disconnected from 191.5.31.61 port 44664 [preauth]
May 31 07:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: Failed password for root from 176.65.132.22 port 41312 ssh2
May 31 07:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: Connection closed by 176.65.132.22 port 41312 [preauth]
May 31 07:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: Invalid user test1 from 176.65.132.22
May 31 07:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: input_userauth_request: invalid user test1 [preauth]
May 31 07:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: Failed password for invalid user test1 from 176.65.132.22 port 41320 ssh2
May 31 07:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: Connection closed by 176.65.132.22 port 41320 [preauth]
May 31 07:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: Invalid user deployer from 176.65.132.22
May 31 07:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: input_userauth_request: invalid user deployer [preauth]
May 31 07:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: Failed password for invalid user deployer from 176.65.132.22 port 33678 ssh2
May 31 07:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: Connection closed by 176.65.132.22 port 33678 [preauth]
May 31 07:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8808]: Invalid user osmc from 176.65.132.22
May 31 07:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8808]: input_userauth_request: invalid user osmc [preauth]
May 31 07:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8808]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8808]: Failed password for invalid user osmc from 176.65.132.22 port 33702 ssh2
May 31 07:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8808]: Connection closed by 176.65.132.22 port 33702 [preauth]
May 31 07:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: Invalid user trinity from 176.65.132.22
May 31 07:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: input_userauth_request: invalid user trinity [preauth]
May 31 07:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: Failed password for invalid user trinity from 176.65.132.22 port 44904 ssh2
May 31 07:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: Connection closed by 176.65.132.22 port 44904 [preauth]
May 31 07:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: Invalid user test from 176.65.132.22
May 31 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: input_userauth_request: invalid user test [preauth]
May 31 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8837]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8838]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8839]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8840]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8840]: pam_unix(cron:session): session closed for user root
May 31 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8835]: pam_unix(cron:session): session closed for user p13x
May 31 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8903]: Successful su for rubyman by root
May 31 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8903]: + ??? root:rubyman
May 31 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428005 of user rubyman.
May 31 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8903]: pam_unix(su:session): session closed for user rubyman
May 31 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428005.
May 31 07:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: Failed password for invalid user test from 176.65.132.22 port 35460 ssh2
May 31 07:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: Connection closed by 176.65.132.22 port 35460 [preauth]
May 31 07:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8837]: pam_unix(cron:session): session closed for user root
May 31 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6003]: pam_unix(cron:session): session closed for user root
May 31 07:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8836]: pam_unix(cron:session): session closed for user samftp
May 31 07:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: Invalid user bob from 176.65.132.22
May 31 07:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: input_userauth_request: invalid user bob [preauth]
May 31 07:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: Failed password for invalid user bob from 176.65.132.22 port 35462 ssh2
May 31 07:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: Connection closed by 176.65.132.22 port 35462 [preauth]
May 31 07:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.173.227.57  user=root
May 31 07:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9126]: Invalid user frappe from 176.65.132.22
May 31 07:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9126]: input_userauth_request: invalid user frappe [preauth]
May 31 07:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: Failed password for root from 103.173.227.57 port 39726 ssh2
May 31 07:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9126]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: Connection closed by 103.173.227.57 port 39726 [preauth]
May 31 07:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9126]: Failed password for invalid user frappe from 176.65.132.22 port 58024 ssh2
May 31 07:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9126]: Connection closed by 176.65.132.22 port 58024 [preauth]
May 31 07:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.213.13  user=root
May 31 07:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9152]: Invalid user localhost from 176.65.132.22
May 31 07:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9152]: input_userauth_request: invalid user localhost [preauth]
May 31 07:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9152]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9150]: Failed password for root from 37.120.213.13 port 41770 ssh2
May 31 07:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9150]: Connection closed by 37.120.213.13 port 41770 [preauth]
May 31 07:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9152]: Failed password for invalid user localhost from 176.65.132.22 port 58042 ssh2
May 31 07:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9152]: Connection closed by 176.65.132.22 port 58042 [preauth]
May 31 07:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9162]: Invalid user user from 176.65.132.22
May 31 07:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9162]: input_userauth_request: invalid user user [preauth]
May 31 07:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9162]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9162]: Failed password for invalid user user from 176.65.132.22 port 51672 ssh2
May 31 07:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9162]: Connection closed by 176.65.132.22 port 51672 [preauth]
May 31 07:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9188]: Invalid user claude from 176.65.132.22
May 31 07:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9188]: input_userauth_request: invalid user claude [preauth]
May 31 07:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9188]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7997]: pam_unix(cron:session): session closed for user root
May 31 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9188]: Failed password for invalid user claude from 176.65.132.22 port 51674 ssh2
May 31 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9188]: Connection closed by 176.65.132.22 port 51674 [preauth]
May 31 07:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9228]: Invalid user cloud from 176.65.132.22
May 31 07:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9228]: input_userauth_request: invalid user cloud [preauth]
May 31 07:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9228]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9228]: Failed password for invalid user cloud from 176.65.132.22 port 50734 ssh2
May 31 07:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9228]: Connection closed by 176.65.132.22 port 50734 [preauth]
May 31 07:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9205]: Failed password for root from 202.133.90.219 port 40116 ssh2
May 31 07:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9240]: Invalid user user from 176.65.132.22
May 31 07:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9240]: input_userauth_request: invalid user user [preauth]
May 31 07:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9240]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9205]: Connection closed by 202.133.90.219 port 40116 [preauth]
May 31 07:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9240]: Failed password for invalid user user from 176.65.132.22 port 52780 ssh2
May 31 07:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9240]: Connection closed by 176.65.132.22 port 52780 [preauth]
May 31 07:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9264]: Invalid user toto from 176.65.132.22
May 31 07:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9264]: input_userauth_request: invalid user toto [preauth]
May 31 07:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9264]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9264]: Failed password for invalid user toto from 176.65.132.22 port 52792 ssh2
May 31 07:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9264]: Connection closed by 176.65.132.22 port 52792 [preauth]
May 31 07:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: Invalid user user10 from 176.65.132.22
May 31 07:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: input_userauth_request: invalid user user10 [preauth]
May 31 07:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: Failed password for invalid user user10 from 176.65.132.22 port 55838 ssh2
May 31 07:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: Connection closed by 176.65.132.22 port 55838 [preauth]
May 31 07:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9286]: Invalid user private from 176.65.132.22
May 31 07:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9286]: input_userauth_request: invalid user private [preauth]
May 31 07:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9286]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9292]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9291]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9290]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9289]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9289]: pam_unix(cron:session): session closed for user p13x
May 31 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9355]: Successful su for rubyman by root
May 31 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9355]: + ??? root:rubyman
May 31 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9355]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428009 of user rubyman.
May 31 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9355]: pam_unix(su:session): session closed for user rubyman
May 31 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428009.
May 31 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9286]: Failed password for invalid user private from 176.65.132.22 port 55856 ssh2
May 31 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9286]: Connection closed by 176.65.132.22 port 55856 [preauth]
May 31 07:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6502]: pam_unix(cron:session): session closed for user root
May 31 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9290]: pam_unix(cron:session): session closed for user samftp
May 31 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Invalid user liyang from 176.65.132.22
May 31 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: input_userauth_request: invalid user liyang [preauth]
May 31 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Failed password for invalid user liyang from 176.65.132.22 port 57944 ssh2
May 31 07:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Connection closed by 176.65.132.22 port 57944 [preauth]
May 31 07:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Failed password for root from 176.65.132.22 port 45062 ssh2
May 31 07:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Connection closed by 176.65.132.22 port 45062 [preauth]
May 31 07:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: Failed password for root from 176.65.132.22 port 45064 ssh2
May 31 07:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: Connection closed by 176.65.132.22 port 45064 [preauth]
May 31 07:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9573]: Invalid user admin from 176.65.132.22
May 31 07:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9573]: input_userauth_request: invalid user admin [preauth]
May 31 07:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9573]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9573]: Failed password for invalid user admin from 176.65.132.22 port 56746 ssh2
May 31 07:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9573]: Connection closed by 176.65.132.22 port 56746 [preauth]
May 31 07:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Invalid user frappe from 176.65.132.22
May 31 07:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: input_userauth_request: invalid user frappe [preauth]
May 31 07:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Failed password for invalid user frappe from 176.65.132.22 port 56754 ssh2
May 31 07:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Connection closed by 176.65.132.22 port 56754 [preauth]
May 31 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8415]: pam_unix(cron:session): session closed for user root
May 31 07:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9640]: Invalid user gg from 176.65.132.22
May 31 07:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9640]: input_userauth_request: invalid user gg [preauth]
May 31 07:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9640]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9640]: Failed password for invalid user gg from 176.65.132.22 port 40426 ssh2
May 31 07:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9640]: Connection closed by 176.65.132.22 port 40426 [preauth]
May 31 07:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: Invalid user server from 176.65.132.22
May 31 07:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: input_userauth_request: invalid user server [preauth]
May 31 07:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: Invalid user oliver from 191.5.31.61
May 31 07:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: input_userauth_request: invalid user oliver [preauth]
May 31 07:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.5.31.61
May 31 07:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: Failed password for invalid user server from 176.65.132.22 port 40438 ssh2
May 31 07:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: Connection closed by 176.65.132.22 port 40438 [preauth]
May 31 07:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: Failed password for invalid user oliver from 191.5.31.61 port 34130 ssh2
May 31 07:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: Received disconnect from 191.5.31.61 port 34130:11: Bye Bye [preauth]
May 31 07:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: Disconnected from 191.5.31.61 port 34130 [preauth]
May 31 07:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: Invalid user server from 176.65.132.22
May 31 07:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: input_userauth_request: invalid user server [preauth]
May 31 07:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: Failed password for invalid user server from 176.65.132.22 port 35506 ssh2
May 31 07:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: Connection closed by 176.65.132.22 port 35506 [preauth]
May 31 07:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: Invalid user rocky from 176.65.132.22
May 31 07:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: input_userauth_request: invalid user rocky [preauth]
May 31 07:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: Failed password for invalid user rocky from 176.65.132.22 port 57064 ssh2
May 31 07:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: Connection closed by 176.65.132.22 port 57064 [preauth]
May 31 07:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9696]: Invalid user admin1 from 176.65.132.22
May 31 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9696]: input_userauth_request: invalid user admin1 [preauth]
May 31 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9696]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9696]: Failed password for invalid user admin1 from 176.65.132.22 port 57080 ssh2
May 31 07:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9696]: Connection closed by 176.65.132.22 port 57080 [preauth]
May 31 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9715]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9716]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9713]: pam_unix(cron:session): session closed for user p13x
May 31 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9773]: Successful su for rubyman by root
May 31 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9773]: + ??? root:rubyman
May 31 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9773]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428013 of user rubyman.
May 31 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9773]: pam_unix(su:session): session closed for user rubyman
May 31 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428013.
May 31 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6968]: pam_unix(cron:session): session closed for user root
May 31 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Invalid user admin1 from 176.65.132.22
May 31 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: input_userauth_request: invalid user admin1 [preauth]
May 31 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9714]: pam_unix(cron:session): session closed for user samftp
May 31 07:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Failed password for invalid user admin1 from 176.65.132.22 port 46542 ssh2
May 31 07:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Connection closed by 176.65.132.22 port 46542 [preauth]
May 31 07:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: Failed password for root from 202.133.90.219 port 52530 ssh2
May 31 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: Connection closed by 202.133.90.219 port 52530 [preauth]
May 31 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: Invalid user developer from 176.65.132.22
May 31 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: input_userauth_request: invalid user developer [preauth]
May 31 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: Failed password for invalid user developer from 176.65.132.22 port 46556 ssh2
May 31 07:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: Connection closed by 176.65.132.22 port 46556 [preauth]
May 31 07:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Invalid user linuxuser from 176.65.132.22
May 31 07:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: input_userauth_request: invalid user linuxuser [preauth]
May 31 07:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Failed password for invalid user linuxuser from 176.65.132.22 port 36638 ssh2
May 31 07:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Connection closed by 176.65.132.22 port 36638 [preauth]
May 31 07:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: Invalid user pi from 176.65.132.22
May 31 07:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: input_userauth_request: invalid user pi [preauth]
May 31 07:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: Failed password for invalid user pi from 176.65.132.22 port 39372 ssh2
May 31 07:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: Connection closed by 176.65.132.22 port 39372 [preauth]
May 31 07:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: Invalid user pi from 176.65.132.22
May 31 07:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: input_userauth_request: invalid user pi [preauth]
May 31 07:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: Failed password for invalid user pi from 176.65.132.22 port 39374 ssh2
May 31 07:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: Connection closed by 176.65.132.22 port 39374 [preauth]
May 31 07:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10219]: Invalid user aaa from 176.65.132.22
May 31 07:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10219]: input_userauth_request: invalid user aaa [preauth]
May 31 07:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10219]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8839]: pam_unix(cron:session): session closed for user root
May 31 07:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10219]: Failed password for invalid user aaa from 176.65.132.22 port 56206 ssh2
May 31 07:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10219]: Connection closed by 176.65.132.22 port 56206 [preauth]
May 31 07:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: Invalid user tom from 176.65.132.22
May 31 07:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: input_userauth_request: invalid user tom [preauth]
May 31 07:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: Failed password for invalid user tom from 176.65.132.22 port 56216 ssh2
May 31 07:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: Connection closed by 176.65.132.22 port 56216 [preauth]
May 31 07:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: Invalid user newuser from 176.65.132.22
May 31 07:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: input_userauth_request: invalid user newuser [preauth]
May 31 07:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: Failed password for invalid user newuser from 176.65.132.22 port 38976 ssh2
May 31 07:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: Connection closed by 176.65.132.22 port 38976 [preauth]
May 31 07:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: Invalid user amine from 176.65.132.22
May 31 07:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: input_userauth_request: invalid user amine [preauth]
May 31 07:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: Failed password for invalid user amine from 176.65.132.22 port 48218 ssh2
May 31 07:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: Connection closed by 176.65.132.22 port 48218 [preauth]
May 31 07:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Invalid user elastic from 176.65.132.22
May 31 07:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: input_userauth_request: invalid user elastic [preauth]
May 31 07:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Failed password for invalid user elastic from 176.65.132.22 port 48222 ssh2
May 31 07:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Connection closed by 176.65.132.22 port 48222 [preauth]
May 31 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10398]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10397]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10395]: pam_unix(cron:session): session closed for user p13x
May 31 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10457]: Successful su for rubyman by root
May 31 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10457]: + ??? root:rubyman
May 31 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428017 of user rubyman.
May 31 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10457]: pam_unix(su:session): session closed for user rubyman
May 31 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428017.
May 31 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10522]: Invalid user administrator from 176.65.132.22
May 31 07:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10522]: input_userauth_request: invalid user administrator [preauth]
May 31 07:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10522]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7481]: pam_unix(cron:session): session closed for user root
May 31 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10396]: pam_unix(cron:session): session closed for user samftp
May 31 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10522]: Failed password for invalid user administrator from 176.65.132.22 port 50286 ssh2
May 31 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10522]: Connection closed by 176.65.132.22 port 50286 [preauth]
May 31 07:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10653]: Invalid user test from 176.65.132.22
May 31 07:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10653]: input_userauth_request: invalid user test [preauth]
May 31 07:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10653]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10653]: Failed password for invalid user test from 176.65.132.22 port 50294 ssh2
May 31 07:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10653]: Connection closed by 176.65.132.22 port 50294 [preauth]
May 31 07:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10685]: Invalid user user from 176.65.132.22
May 31 07:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10685]: input_userauth_request: invalid user user [preauth]
May 31 07:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10685]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10685]: Failed password for invalid user user from 176.65.132.22 port 45214 ssh2
May 31 07:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10685]: Connection closed by 176.65.132.22 port 45214 [preauth]
May 31 07:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: Invalid user test1 from 176.65.132.22
May 31 07:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: input_userauth_request: invalid user test1 [preauth]
May 31 07:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: Failed password for invalid user test1 from 176.65.132.22 port 34454 ssh2
May 31 07:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: Connection closed by 176.65.132.22 port 34454 [preauth]
May 31 07:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10721]: Failed password for root from 176.65.132.22 port 34460 ssh2
May 31 07:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10721]: Connection closed by 176.65.132.22 port 34460 [preauth]
May 31 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9292]: pam_unix(cron:session): session closed for user root
May 31 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: Invalid user zimbra from 176.65.132.22
May 31 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: input_userauth_request: invalid user zimbra [preauth]
May 31 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: Failed password for invalid user zimbra from 176.65.132.22 port 53682 ssh2
May 31 07:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: Connection closed by 176.65.132.22 port 53682 [preauth]
May 31 07:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
May 31 07:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10723]: Failed password for root from 202.133.90.219 port 59030 ssh2
May 31 07:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: Failed password for root from 103.82.132.16 port 46538 ssh2
May 31 07:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10723]: Connection closed by 202.133.90.219 port 59030 [preauth]
May 31 07:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: Connection closed by 103.82.132.16 port 46538 [preauth]
May 31 07:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: Invalid user student from 176.65.132.22
May 31 07:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: input_userauth_request: invalid user student [preauth]
May 31 07:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: Failed password for invalid user student from 176.65.132.22 port 53692 ssh2
May 31 07:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: Connection closed by 176.65.132.22 port 53692 [preauth]
May 31 07:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: Invalid user support from 176.65.132.22
May 31 07:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: input_userauth_request: invalid user support [preauth]
May 31 07:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: Failed password for invalid user support from 176.65.132.22 port 53896 ssh2
May 31 07:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: Connection closed by 176.65.132.22 port 53896 [preauth]
May 31 07:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.5.31.61  user=root
May 31 07:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10826]: Invalid user user from 176.65.132.22
May 31 07:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10826]: input_userauth_request: invalid user user [preauth]
May 31 07:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10826]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10815]: Failed password for root from 191.5.31.61 port 46778 ssh2
May 31 07:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10815]: Received disconnect from 191.5.31.61 port 46778:11: Bye Bye [preauth]
May 31 07:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10815]: Disconnected from 191.5.31.61 port 46778 [preauth]
May 31 07:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10826]: Failed password for invalid user user from 176.65.132.22 port 60728 ssh2
May 31 07:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10826]: Connection closed by 176.65.132.22 port 60728 [preauth]
May 31 07:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10837]: Invalid user sftpuser from 176.65.132.22
May 31 07:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10837]: input_userauth_request: invalid user sftpuser [preauth]
May 31 07:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10837]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10837]: Failed password for invalid user sftpuser from 176.65.132.22 port 60738 ssh2
May 31 07:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10837]: Connection closed by 176.65.132.22 port 60738 [preauth]
May 31 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10853]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10851]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10849]: pam_unix(cron:session): session closed for user p13x
May 31 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10912]: Successful su for rubyman by root
May 31 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10912]: + ??? root:rubyman
May 31 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10912]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428020 of user rubyman.
May 31 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10912]: pam_unix(su:session): session closed for user rubyman
May 31 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428020.
May 31 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11006]: Invalid user opc from 176.65.132.22
May 31 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11006]: input_userauth_request: invalid user opc [preauth]
May 31 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7996]: pam_unix(cron:session): session closed for user root
May 31 07:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11006]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10850]: pam_unix(cron:session): session closed for user samftp
May 31 07:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11006]: Failed password for invalid user opc from 176.65.132.22 port 45634 ssh2
May 31 07:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11006]: Connection closed by 176.65.132.22 port 45634 [preauth]
May 31 07:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: Invalid user appuser from 176.65.132.22
May 31 07:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: input_userauth_request: invalid user appuser [preauth]
May 31 07:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: Failed password for invalid user appuser from 176.65.132.22 port 45646 ssh2
May 31 07:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: Connection closed by 176.65.132.22 port 45646 [preauth]
May 31 07:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11128]: Failed password for root from 176.65.132.22 port 35304 ssh2
May 31 07:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11128]: Connection closed by 176.65.132.22 port 35304 [preauth]
May 31 07:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11139]: Invalid user fa from 176.65.132.22
May 31 07:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11139]: input_userauth_request: invalid user fa [preauth]
May 31 07:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11139]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11139]: Failed password for invalid user fa from 176.65.132.22 port 53258 ssh2
May 31 07:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11139]: Connection closed by 176.65.132.22 port 53258 [preauth]
May 31 07:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: Invalid user redhat from 176.65.132.22
May 31 07:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: input_userauth_request: invalid user redhat [preauth]
May 31 07:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: Failed password for invalid user redhat from 176.65.132.22 port 53264 ssh2
May 31 07:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: Connection closed by 176.65.132.22 port 53264 [preauth]
May 31 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9716]: pam_unix(cron:session): session closed for user root
May 31 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: Invalid user runner from 176.65.132.22
May 31 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: input_userauth_request: invalid user runner [preauth]
May 31 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: Failed password for invalid user runner from 176.65.132.22 port 53440 ssh2
May 31 07:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: Connection closed by 176.65.132.22 port 53440 [preauth]
May 31 07:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Invalid user administrator from 176.65.132.22
May 31 07:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: input_userauth_request: invalid user administrator [preauth]
May 31 07:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Failed password for invalid user administrator from 176.65.132.22 port 53448 ssh2
May 31 07:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Connection closed by 176.65.132.22 port 53448 [preauth]
May 31 07:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Invalid user app from 176.65.132.22
May 31 07:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: input_userauth_request: invalid user app [preauth]
May 31 07:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Failed password for invalid user app from 176.65.132.22 port 52334 ssh2
May 31 07:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Connection closed by 176.65.132.22 port 52334 [preauth]
May 31 07:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11255]: Invalid user rdpuser from 176.65.132.22
May 31 07:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11255]: input_userauth_request: invalid user rdpuser [preauth]
May 31 07:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11255]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11255]: Failed password for invalid user rdpuser from 176.65.132.22 port 60088 ssh2
May 31 07:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11255]: Connection closed by 176.65.132.22 port 60088 [preauth]
May 31 07:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: User vncuser from 176.65.132.22 not allowed because not listed in AllowUsers
May 31 07:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: input_userauth_request: invalid user vncuser [preauth]
May 31 07:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=vncuser
May 31 07:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Failed password for invalid user vncuser from 176.65.132.22 port 60090 ssh2
May 31 07:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Connection closed by 176.65.132.22 port 60090 [preauth]
May 31 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11284]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11285]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11283]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11280]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11282]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11285]: pam_unix(cron:session): session closed for user root
May 31 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11280]: pam_unix(cron:session): session closed for user p13x
May 31 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11351]: Successful su for rubyman by root
May 31 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11351]: + ??? root:rubyman
May 31 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428024 of user rubyman.
May 31 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11351]: pam_unix(su:session): session closed for user rubyman
May 31 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428024.
May 31 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: User nobody from 176.65.132.22 not allowed because not listed in AllowUsers
May 31 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: input_userauth_request: invalid user nobody [preauth]
May 31 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=nobody
May 31 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11282]: pam_unix(cron:session): session closed for user root
May 31 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8414]: pam_unix(cron:session): session closed for user root
May 31 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: Failed password for invalid user nobody from 176.65.132.22 port 59716 ssh2
May 31 07:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: Connection closed by 176.65.132.22 port 59716 [preauth]
May 31 07:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11281]: pam_unix(cron:session): session closed for user samftp
May 31 07:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Failed password for root from 202.133.90.219 port 52940 ssh2
May 31 07:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Connection closed by 202.133.90.219 port 52940 [preauth]
May 31 07:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: Invalid user testuser from 176.65.132.22
May 31 07:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: input_userauth_request: invalid user testuser [preauth]
May 31 07:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: Failed password for invalid user testuser from 176.65.132.22 port 59730 ssh2
May 31 07:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: Connection closed by 176.65.132.22 port 59730 [preauth]
May 31 07:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: Invalid user deploy from 176.65.132.22
May 31 07:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: input_userauth_request: invalid user deploy [preauth]
May 31 07:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: Failed password for invalid user deploy from 176.65.132.22 port 49060 ssh2
May 31 07:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: Connection closed by 176.65.132.22 port 49060 [preauth]
May 31 07:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: Failed password for root from 176.65.132.22 port 49076 ssh2
May 31 07:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: Connection closed by 176.65.132.22 port 49076 [preauth]
May 31 07:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11640]: Invalid user user from 176.65.132.22
May 31 07:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11640]: input_userauth_request: invalid user user [preauth]
May 31 07:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11640]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11640]: Failed password for invalid user user from 176.65.132.22 port 39118 ssh2
May 31 07:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11640]: Connection closed by 176.65.132.22 port 39118 [preauth]
May 31 07:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10398]: pam_unix(cron:session): session closed for user root
May 31 07:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11650]: Failed password for root from 176.65.132.22 port 37808 ssh2
May 31 07:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11650]: Connection closed by 176.65.132.22 port 37808 [preauth]
May 31 07:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: Invalid user sam from 176.65.132.22
May 31 07:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: input_userauth_request: invalid user sam [preauth]
May 31 07:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: Failed password for invalid user sam from 176.65.132.22 port 37826 ssh2
May 31 07:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: Connection closed by 176.65.132.22 port 37826 [preauth]
May 31 07:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11703]: Invalid user test from 176.65.132.22
May 31 07:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11703]: input_userauth_request: invalid user test [preauth]
May 31 07:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11703]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11703]: Failed password for invalid user test from 176.65.132.22 port 59098 ssh2
May 31 07:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11703]: Connection closed by 176.65.132.22 port 59098 [preauth]
May 31 07:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11718]: Invalid user main from 176.65.132.22
May 31 07:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11718]: input_userauth_request: invalid user main [preauth]
May 31 07:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11718]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11718]: Failed password for invalid user main from 176.65.132.22 port 45832 ssh2
May 31 07:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11718]: Connection closed by 176.65.132.22 port 45832 [preauth]
May 31 07:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: Invalid user main from 176.65.132.22
May 31 07:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: input_userauth_request: invalid user main [preauth]
May 31 07:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: Failed password for invalid user main from 176.65.132.22 port 45846 ssh2
May 31 07:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: Connection closed by 176.65.132.22 port 45846 [preauth]
May 31 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11754]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11753]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11751]: pam_unix(cron:session): session closed for user p13x
May 31 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11838]: Successful su for rubyman by root
May 31 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11838]: + ??? root:rubyman
May 31 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11838]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428031 of user rubyman.
May 31 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11838]: pam_unix(su:session): session closed for user rubyman
May 31 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428031.
May 31 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8838]: pam_unix(cron:session): session closed for user root
May 31 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11912]: Failed password for root from 176.65.132.22 port 43040 ssh2
May 31 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11752]: pam_unix(cron:session): session closed for user samftp
May 31 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11912]: Connection closed by 176.65.132.22 port 43040 [preauth]
May 31 07:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: Invalid user recepcion from 173.254.234.162
May 31 07:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: input_userauth_request: invalid user recepcion [preauth]
May 31 07:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 07:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Invalid user git from 176.65.132.22
May 31 07:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: input_userauth_request: invalid user git [preauth]
May 31 07:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: Failed password for invalid user recepcion from 173.254.234.162 port 45808 ssh2
May 31 07:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: Connection closed by 173.254.234.162 port 45808 [preauth]
May 31 07:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Failed password for invalid user git from 176.65.132.22 port 43054 ssh2
May 31 07:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Connection closed by 176.65.132.22 port 43054 [preauth]
May 31 07:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12086]: Failed password for root from 176.65.132.22 port 52750 ssh2
May 31 07:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12086]: Connection closed by 176.65.132.22 port 52750 [preauth]
May 31 07:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
May 31 07:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: Invalid user test from 176.65.132.22
May 31 07:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: input_userauth_request: invalid user test [preauth]
May 31 07:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12096]: Failed password for root from 103.27.238.114 port 57538 ssh2
May 31 07:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12096]: Connection closed by 103.27.238.114 port 57538 [preauth]
May 31 07:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: Failed password for invalid user test from 176.65.132.22 port 52774 ssh2
May 31 07:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: Connection closed by 176.65.132.22 port 52774 [preauth]
May 31 07:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: Invalid user minecraft from 176.65.132.22
May 31 07:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: input_userauth_request: invalid user minecraft [preauth]
May 31 07:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: Failed password for invalid user minecraft from 176.65.132.22 port 40242 ssh2
May 31 07:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: Connection closed by 176.65.132.22 port 40242 [preauth]
May 31 07:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Invalid user dev from 176.65.132.22
May 31 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: input_userauth_request: invalid user dev [preauth]
May 31 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10853]: pam_unix(cron:session): session closed for user root
May 31 07:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Failed password for invalid user dev from 176.65.132.22 port 41848 ssh2
May 31 07:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Connection closed by 176.65.132.22 port 41848 [preauth]
May 31 07:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12164]: Invalid user alex from 176.65.132.22
May 31 07:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12164]: input_userauth_request: invalid user alex [preauth]
May 31 07:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12164]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: Failed password for root from 202.133.90.219 port 42154 ssh2
May 31 07:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: Connection closed by 202.133.90.219 port 42154 [preauth]
May 31 07:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12164]: Failed password for invalid user alex from 176.65.132.22 port 41856 ssh2
May 31 07:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12164]: Connection closed by 176.65.132.22 port 41856 [preauth]
May 31 07:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: User mysql from 176.65.132.22 not allowed because not listed in AllowUsers
May 31 07:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: input_userauth_request: invalid user mysql [preauth]
May 31 07:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=mysql
May 31 07:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: Failed password for invalid user mysql from 176.65.132.22 port 33752 ssh2
May 31 07:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: Connection closed by 176.65.132.22 port 33752 [preauth]
May 31 07:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: Invalid user jakob from 176.65.132.22
May 31 07:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: input_userauth_request: invalid user jakob [preauth]
May 31 07:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: Failed password for invalid user jakob from 176.65.132.22 port 50472 ssh2
May 31 07:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: Connection closed by 176.65.132.22 port 50472 [preauth]
May 31 07:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: Invalid user kingbase from 176.65.132.22
May 31 07:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: input_userauth_request: invalid user kingbase [preauth]
May 31 07:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: Failed password for invalid user kingbase from 176.65.132.22 port 50496 ssh2
May 31 07:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: Connection closed by 176.65.132.22 port 50496 [preauth]
May 31 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12237]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12238]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12235]: pam_unix(cron:session): session closed for user p13x
May 31 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12417]: Successful su for rubyman by root
May 31 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12417]: + ??? root:rubyman
May 31 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12417]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428036 of user rubyman.
May 31 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12417]: pam_unix(su:session): session closed for user rubyman
May 31 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428036.
May 31 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9291]: pam_unix(cron:session): session closed for user root
May 31 07:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12236]: pam_unix(cron:session): session closed for user samftp
May 31 07:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: Failed password for root from 176.65.132.22 port 60362 ssh2
May 31 07:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: Connection closed by 176.65.132.22 port 60362 [preauth]
May 31 07:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: Failed password for root from 176.65.132.22 port 60376 ssh2
May 31 07:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: Connection closed by 176.65.132.22 port 60376 [preauth]
May 31 07:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: Invalid user teamspeak from 176.65.132.22
May 31 07:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: input_userauth_request: invalid user teamspeak [preauth]
May 31 07:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: Failed password for invalid user teamspeak from 176.65.132.22 port 42412 ssh2
May 31 07:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: Connection closed by 176.65.132.22 port 42412 [preauth]
May 31 07:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: Invalid user prefect from 176.65.132.22
May 31 07:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: input_userauth_request: invalid user prefect [preauth]
May 31 07:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: Failed password for invalid user prefect from 176.65.132.22 port 42420 ssh2
May 31 07:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: Connection closed by 176.65.132.22 port 42420 [preauth]
May 31 07:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: Invalid user odoo17 from 176.65.132.22
May 31 07:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: input_userauth_request: invalid user odoo17 [preauth]
May 31 07:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: Failed password for invalid user odoo17 from 176.65.132.22 port 35968 ssh2
May 31 07:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: Connection closed by 176.65.132.22 port 35968 [preauth]
May 31 07:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: Invalid user gitlab-runner from 176.65.132.22
May 31 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: input_userauth_request: invalid user gitlab-runner [preauth]
May 31 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11284]: pam_unix(cron:session): session closed for user root
May 31 07:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: Failed password for invalid user gitlab-runner from 176.65.132.22 port 36798 ssh2
May 31 07:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: Connection closed by 176.65.132.22 port 36798 [preauth]
May 31 07:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: Invalid user www from 176.65.132.22
May 31 07:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: input_userauth_request: invalid user www [preauth]
May 31 07:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: Failed password for invalid user www from 176.65.132.22 port 36804 ssh2
May 31 07:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: Connection closed by 176.65.132.22 port 36804 [preauth]
May 31 07:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Invalid user es from 176.65.132.22
May 31 07:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: input_userauth_request: invalid user es [preauth]
May 31 07:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Failed password for invalid user es from 176.65.132.22 port 47190 ssh2
May 31 07:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Connection closed by 176.65.132.22 port 47190 [preauth]
May 31 07:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Invalid user fastuser from 176.65.132.22
May 31 07:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: input_userauth_request: invalid user fastuser [preauth]
May 31 07:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Failed password for invalid user fastuser from 176.65.132.22 port 47204 ssh2
May 31 07:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Connection closed by 176.65.132.22 port 47204 [preauth]
May 31 07:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: Invalid user ansible from 176.65.132.22
May 31 07:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: input_userauth_request: invalid user ansible [preauth]
May 31 07:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: Failed password for invalid user ansible from 176.65.132.22 port 36770 ssh2
May 31 07:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: Connection closed by 176.65.132.22 port 36770 [preauth]
May 31 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12784]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12783]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12780]: pam_unix(cron:session): session closed for user p13x
May 31 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12846]: Successful su for rubyman by root
May 31 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12846]: + ??? root:rubyman
May 31 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12846]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428039 of user rubyman.
May 31 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12846]: pam_unix(su:session): session closed for user rubyman
May 31 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428039.
May 31 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: Invalid user airflow from 176.65.132.22
May 31 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: input_userauth_request: invalid user airflow [preauth]
May 31 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9715]: pam_unix(cron:session): session closed for user root
May 31 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: Failed password for invalid user airflow from 176.65.132.22 port 46946 ssh2
May 31 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: Connection closed by 176.65.132.22 port 46946 [preauth]
May 31 07:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12782]: pam_unix(cron:session): session closed for user samftp
May 31 07:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: Invalid user user from 185.156.73.233
May 31 07:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: input_userauth_request: invalid user user [preauth]
May 31 07:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 07:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 07:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: Failed password for invalid user user from 185.156.73.233 port 41062 ssh2
May 31 07:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: Connection closed by 185.156.73.233 port 41062 [preauth]
May 31 07:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Failed password for root from 38.93.206.2 port 50592 ssh2
May 31 07:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Connection closed by 38.93.206.2 port 50592 [preauth]
May 31 07:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: Failed password for root from 176.65.132.22 port 46964 ssh2
May 31 07:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: Connection closed by 176.65.132.22 port 46964 [preauth]
May 31 07:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12929]: Failed password for root from 202.133.90.219 port 52826 ssh2
May 31 07:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12929]: Connection closed by 202.133.90.219 port 52826 [preauth]
May 31 07:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: Invalid user alex from 176.65.132.22
May 31 07:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: input_userauth_request: invalid user alex [preauth]
May 31 07:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: Failed password for invalid user alex from 176.65.132.22 port 44404 ssh2
May 31 07:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: Connection closed by 176.65.132.22 port 44404 [preauth]
May 31 07:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13077]: Failed password for root from 176.65.132.22 port 44416 ssh2
May 31 07:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13077]: Connection closed by 176.65.132.22 port 44416 [preauth]
May 31 07:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13099]: Invalid user linux from 176.65.132.22
May 31 07:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13099]: input_userauth_request: invalid user linux [preauth]
May 31 07:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13099]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13099]: Failed password for invalid user linux from 176.65.132.22 port 36664 ssh2
May 31 07:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13099]: Connection closed by 176.65.132.22 port 36664 [preauth]
May 31 07:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: Invalid user master from 176.65.132.22
May 31 07:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: input_userauth_request: invalid user master [preauth]
May 31 07:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: Failed password for invalid user master from 176.65.132.22 port 36668 ssh2
May 31 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: Connection closed by 176.65.132.22 port 36668 [preauth]
May 31 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11754]: pam_unix(cron:session): session closed for user root
May 31 07:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: Invalid user master from 176.65.132.22
May 31 07:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: input_userauth_request: invalid user master [preauth]
May 31 07:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: Failed password for invalid user master from 176.65.132.22 port 46884 ssh2
May 31 07:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: Connection closed by 176.65.132.22 port 46884 [preauth]
May 31 07:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13173]: Invalid user admin123 from 176.65.132.22
May 31 07:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13173]: input_userauth_request: invalid user admin123 [preauth]
May 31 07:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13173]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13173]: Failed password for invalid user admin123 from 176.65.132.22 port 49174 ssh2
May 31 07:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13173]: Connection closed by 176.65.132.22 port 49174 [preauth]
May 31 07:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: Invalid user alex from 176.65.132.22
May 31 07:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: input_userauth_request: invalid user alex [preauth]
May 31 07:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: Failed password for invalid user alex from 176.65.132.22 port 49194 ssh2
May 31 07:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: Connection closed by 176.65.132.22 port 49194 [preauth]
May 31 07:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Invalid user parsa from 176.65.132.22
May 31 07:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: input_userauth_request: invalid user parsa [preauth]
May 31 07:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Failed password for invalid user parsa from 176.65.132.22 port 50078 ssh2
May 31 07:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Connection closed by 176.65.132.22 port 50078 [preauth]
May 31 07:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13218]: Failed password for root from 176.65.132.22 port 50086 ssh2
May 31 07:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13218]: Connection closed by 176.65.132.22 port 50086 [preauth]
May 31 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13234]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13233]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13230]: pam_unix(cron:session): session closed for user p13x
May 31 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13292]: Successful su for rubyman by root
May 31 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13292]: + ??? root:rubyman
May 31 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428042 of user rubyman.
May 31 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13292]: pam_unix(su:session): session closed for user rubyman
May 31 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428042.
May 31 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: Invalid user user from 176.65.132.22
May 31 07:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: input_userauth_request: invalid user user [preauth]
May 31 07:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10397]: pam_unix(cron:session): session closed for user root
May 31 07:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13232]: pam_unix(cron:session): session closed for user samftp
May 31 07:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: Failed password for invalid user user from 176.65.132.22 port 58422 ssh2
May 31 07:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: Connection closed by 176.65.132.22 port 58422 [preauth]
May 31 07:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13474]: Invalid user fastuser from 176.65.132.22
May 31 07:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13474]: input_userauth_request: invalid user fastuser [preauth]
May 31 07:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13474]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13474]: Failed password for invalid user fastuser from 176.65.132.22 port 58436 ssh2
May 31 07:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13474]: Connection closed by 176.65.132.22 port 58436 [preauth]
May 31 07:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: Invalid user runner from 176.65.132.22
May 31 07:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: input_userauth_request: invalid user runner [preauth]
May 31 07:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: Failed password for invalid user runner from 176.65.132.22 port 44108 ssh2
May 31 07:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: Connection closed by 176.65.132.22 port 44108 [preauth]
May 31 07:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13506]: Invalid user ubuntu from 172.174.17.234
May 31 07:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13506]: input_userauth_request: invalid user ubuntu [preauth]
May 31 07:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13506]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.17.234
May 31 07:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13506]: Failed password for invalid user ubuntu from 172.174.17.234 port 45104 ssh2
May 31 07:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13506]: Received disconnect from 172.174.17.234 port 45104:11: Bye Bye [preauth]
May 31 07:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13506]: Disconnected from 172.174.17.234 port 45104 [preauth]
May 31 07:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13508]: Invalid user user from 176.65.132.22
May 31 07:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13508]: input_userauth_request: invalid user user [preauth]
May 31 07:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13508]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13508]: Failed password for invalid user user from 176.65.132.22 port 44124 ssh2
May 31 07:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13508]: Connection closed by 176.65.132.22 port 44124 [preauth]
May 31 07:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: Invalid user newuser from 176.65.132.22
May 31 07:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: input_userauth_request: invalid user newuser [preauth]
May 31 07:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: Failed password for invalid user newuser from 176.65.132.22 port 55404 ssh2
May 31 07:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: Connection closed by 176.65.132.22 port 55404 [preauth]
May 31 07:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: Invalid user ducc0x from 176.65.132.22
May 31 07:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: input_userauth_request: invalid user ducc0x [preauth]
May 31 07:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12238]: pam_unix(cron:session): session closed for user root
May 31 07:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: Failed password for invalid user ducc0x from 176.65.132.22 port 58614 ssh2
May 31 07:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: Connection closed by 176.65.132.22 port 58614 [preauth]
May 31 07:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13571]: Invalid user azureuser from 176.65.132.22
May 31 07:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13571]: input_userauth_request: invalid user azureuser [preauth]
May 31 07:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13571]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13571]: Failed password for invalid user azureuser from 176.65.132.22 port 58620 ssh2
May 31 07:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13571]: Connection closed by 176.65.132.22 port 58620 [preauth]
May 31 07:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13569]: Failed password for root from 202.133.90.219 port 55660 ssh2
May 31 07:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13569]: Connection closed by 202.133.90.219 port 55660 [preauth]
May 31 07:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: Invalid user azureuser from 176.65.132.22
May 31 07:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: input_userauth_request: invalid user azureuser [preauth]
May 31 07:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: Failed password for invalid user azureuser from 176.65.132.22 port 45478 ssh2
May 31 07:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: Connection closed by 176.65.132.22 port 45478 [preauth]
May 31 07:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Failed password for root from 176.65.132.22 port 45482 ssh2
May 31 07:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Connection closed by 176.65.132.22 port 45482 [preauth]
May 31 07:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Failed password for root from 176.65.132.22 port 46186 ssh2
May 31 07:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Connection closed by 176.65.132.22 port 46186 [preauth]
May 31 07:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13636]: Invalid user deploy from 176.65.132.22
May 31 07:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13636]: input_userauth_request: invalid user deploy [preauth]
May 31 07:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13636]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13644]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13643]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13641]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13642]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13644]: pam_unix(cron:session): session closed for user root
May 31 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13639]: pam_unix(cron:session): session closed for user p13x
May 31 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13707]: Successful su for rubyman by root
May 31 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13707]: + ??? root:rubyman
May 31 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428047 of user rubyman.
May 31 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13707]: pam_unix(su:session): session closed for user rubyman
May 31 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428047.
May 31 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13641]: pam_unix(cron:session): session closed for user root
May 31 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13636]: Failed password for invalid user deploy from 176.65.132.22 port 46192 ssh2
May 31 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13636]: Connection closed by 176.65.132.22 port 46192 [preauth]
May 31 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10851]: pam_unix(cron:session): session closed for user root
May 31 07:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13640]: pam_unix(cron:session): session closed for user samftp
May 31 07:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: Invalid user deploy from 176.65.132.22
May 31 07:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: input_userauth_request: invalid user deploy [preauth]
May 31 07:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: Failed password for invalid user deploy from 176.65.132.22 port 54722 ssh2
May 31 07:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: Connection closed by 176.65.132.22 port 54722 [preauth]
May 31 07:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: Invalid user dmdba from 176.65.132.22
May 31 07:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: input_userauth_request: invalid user dmdba [preauth]
May 31 07:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: Failed password for invalid user dmdba from 176.65.132.22 port 54916 ssh2
May 31 07:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: Connection closed by 176.65.132.22 port 54916 [preauth]
May 31 07:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13955]: Invalid user wizard from 176.65.132.22
May 31 07:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13955]: input_userauth_request: invalid user wizard [preauth]
May 31 07:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13955]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13955]: Failed password for invalid user wizard from 176.65.132.22 port 54922 ssh2
May 31 07:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13955]: Connection closed by 176.65.132.22 port 54922 [preauth]
May 31 07:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: Invalid user claude from 176.65.132.22
May 31 07:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: input_userauth_request: invalid user claude [preauth]
May 31 07:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: Failed password for invalid user claude from 176.65.132.22 port 60968 ssh2
May 31 07:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: Connection closed by 176.65.132.22 port 60968 [preauth]
May 31 07:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: User mysql from 176.65.132.22 not allowed because not listed in AllowUsers
May 31 07:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: input_userauth_request: invalid user mysql [preauth]
May 31 07:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=mysql
May 31 07:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Failed password for invalid user mysql from 176.65.132.22 port 60984 ssh2
May 31 07:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Connection closed by 176.65.132.22 port 60984 [preauth]
May 31 07:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12784]: pam_unix(cron:session): session closed for user root
May 31 07:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: Invalid user admin1 from 176.65.132.22
May 31 07:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: input_userauth_request: invalid user admin1 [preauth]
May 31 07:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: Failed password for invalid user admin1 from 176.65.132.22 port 60140 ssh2
May 31 07:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: Connection closed by 176.65.132.22 port 60140 [preauth]
May 31 07:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14041]: Invalid user server from 176.65.132.22
May 31 07:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14041]: input_userauth_request: invalid user server [preauth]
May 31 07:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14041]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14041]: Failed password for invalid user server from 176.65.132.22 port 44892 ssh2
May 31 07:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14041]: Connection closed by 176.65.132.22 port 44892 [preauth]
May 31 07:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14064]: Invalid user dani from 176.65.132.22
May 31 07:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14064]: input_userauth_request: invalid user dani [preauth]
May 31 07:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14064]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14064]: Failed password for invalid user dani from 176.65.132.22 port 44900 ssh2
May 31 07:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14064]: Connection closed by 176.65.132.22 port 44900 [preauth]
May 31 07:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14075]: Failed password for root from 176.65.132.22 port 44898 ssh2
May 31 07:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14075]: Connection closed by 176.65.132.22 port 44898 [preauth]
May 31 07:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: Invalid user ubuntu from 176.65.132.22
May 31 07:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: input_userauth_request: invalid user ubuntu [preauth]
May 31 07:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: Failed password for invalid user ubuntu from 176.65.132.22 port 44900 ssh2
May 31 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: Connection closed by 176.65.132.22 port 44900 [preauth]
May 31 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
May 31 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14101]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14100]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14097]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14097]: pam_unix(cron:session): session closed for user p13x
May 31 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14163]: Successful su for rubyman by root
May 31 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14163]: + ??? root:rubyman
May 31 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428053 of user rubyman.
May 31 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14163]: pam_unix(su:session): session closed for user rubyman
May 31 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428053.
May 31 07:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11283]: pam_unix(cron:session): session closed for user root
May 31 07:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14087]: Failed password for root from 103.82.20.28 port 36874 ssh2
May 31 07:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14087]: Connection closed by 103.82.20.28 port 36874 [preauth]
May 31 07:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14099]: pam_unix(cron:session): session closed for user samftp
May 31 07:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
May 31 07:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
May 31 07:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Failed password for root from 176.65.132.22 port 41094 ssh2
May 31 07:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Connection closed by 176.65.132.22 port 41094 [preauth]
May 31 07:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Failed password for root from 103.27.238.120 port 56484 ssh2
May 31 07:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Connection closed by 103.27.238.120 port 56484 [preauth]
May 31 07:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: Failed password for root from 103.27.238.116 port 44478 ssh2
May 31 07:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: Connection closed by 103.27.238.116 port 44478 [preauth]
May 31 07:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: Invalid user deploy from 176.65.132.22
May 31 07:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: input_userauth_request: invalid user deploy [preauth]
May 31 07:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: Failed password for invalid user deploy from 176.65.132.22 port 41096 ssh2
May 31 07:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: Connection closed by 176.65.132.22 port 41096 [preauth]
May 31 07:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Failed password for root from 202.133.90.219 port 56702 ssh2
May 31 07:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: Invalid user prem from 176.65.132.22
May 31 07:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: input_userauth_request: invalid user prem [preauth]
May 31 07:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Connection closed by 202.133.90.219 port 56702 [preauth]
May 31 07:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: Failed password for invalid user prem from 176.65.132.22 port 39094 ssh2
May 31 07:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: Connection closed by 176.65.132.22 port 39094 [preauth]
May 31 07:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: Failed password for root from 176.65.132.22 port 33730 ssh2
May 31 07:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: Connection closed by 176.65.132.22 port 33730 [preauth]
May 31 07:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: Invalid user coder from 176.65.132.22
May 31 07:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: input_userauth_request: invalid user coder [preauth]
May 31 07:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: Failed password for invalid user coder from 176.65.132.22 port 33738 ssh2
May 31 07:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: Connection closed by 176.65.132.22 port 33738 [preauth]
May 31 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13234]: pam_unix(cron:session): session closed for user root
May 31 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: Invalid user operator from 176.65.132.22
May 31 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: input_userauth_request: invalid user operator [preauth]
May 31 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: Failed password for invalid user operator from 176.65.132.22 port 42704 ssh2
May 31 07:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: Connection closed by 176.65.132.22 port 42704 [preauth]
May 31 07:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14442]: Invalid user frappe from 176.65.132.22
May 31 07:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14442]: input_userauth_request: invalid user frappe [preauth]
May 31 07:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14442]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14442]: Failed password for invalid user frappe from 176.65.132.22 port 42714 ssh2
May 31 07:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14442]: Connection closed by 176.65.132.22 port 42714 [preauth]
May 31 07:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14478]: Invalid user admin2 from 176.65.132.22
May 31 07:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14478]: input_userauth_request: invalid user admin2 [preauth]
May 31 07:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14478]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14478]: Failed password for invalid user admin2 from 176.65.132.22 port 44690 ssh2
May 31 07:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14478]: Connection closed by 176.65.132.22 port 44690 [preauth]
May 31 07:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: Failed password for root from 176.65.132.22 port 44700 ssh2
May 31 07:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: Connection closed by 176.65.132.22 port 44700 [preauth]
May 31 07:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: Invalid user gitlab from 176.65.132.22
May 31 07:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: input_userauth_request: invalid user gitlab [preauth]
May 31 07:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
May 31 07:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: Failed password for invalid user gitlab from 176.65.132.22 port 37168 ssh2
May 31 07:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: Connection closed by 176.65.132.22 port 37168 [preauth]
May 31 07:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: Failed password for root from 103.77.175.15 port 54950 ssh2
May 31 07:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: Connection closed by 103.77.175.15 port 54950 [preauth]
May 31 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14514]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14515]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14512]: pam_unix(cron:session): session closed for user p13x
May 31 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14571]: Successful su for rubyman by root
May 31 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14571]: + ??? root:rubyman
May 31 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428056 of user rubyman.
May 31 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14571]: pam_unix(su:session): session closed for user rubyman
May 31 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428056.
May 31 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: Invalid user gitlab from 176.65.132.22
May 31 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: input_userauth_request: invalid user gitlab [preauth]
May 31 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: Failed password for invalid user gitlab from 176.65.132.22 port 33142 ssh2
May 31 07:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: Connection closed by 176.65.132.22 port 33142 [preauth]
May 31 07:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11753]: pam_unix(cron:session): session closed for user root
May 31 07:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14513]: pam_unix(cron:session): session closed for user samftp
May 31 07:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: Invalid user customer from 176.65.132.22
May 31 07:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: input_userauth_request: invalid user customer [preauth]
May 31 07:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: Failed password for invalid user customer from 176.65.132.22 port 33148 ssh2
May 31 07:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: Connection closed by 176.65.132.22 port 33148 [preauth]
May 31 07:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: Invalid user jellyfin from 176.65.132.22
May 31 07:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: input_userauth_request: invalid user jellyfin [preauth]
May 31 07:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.213.13  user=root
May 31 07:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: Failed password for invalid user jellyfin from 176.65.132.22 port 49552 ssh2
May 31 07:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: Connection closed by 176.65.132.22 port 49552 [preauth]
May 31 07:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: Failed password for root from 37.120.213.13 port 50180 ssh2
May 31 07:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: Connection closed by 37.120.213.13 port 50180 [preauth]
May 31 07:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: Invalid user developer from 176.65.132.22
May 31 07:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: input_userauth_request: invalid user developer [preauth]
May 31 07:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: Failed password for invalid user developer from 176.65.132.22 port 49554 ssh2
May 31 07:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: Connection closed by 176.65.132.22 port 49554 [preauth]
May 31 07:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14904]: Invalid user jenkins from 176.65.132.22
May 31 07:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14904]: input_userauth_request: invalid user jenkins [preauth]
May 31 07:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14904]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14904]: Failed password for invalid user jenkins from 176.65.132.22 port 42868 ssh2
May 31 07:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14904]: Connection closed by 176.65.132.22 port 42868 [preauth]
May 31 07:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13643]: pam_unix(cron:session): session closed for user root
May 31 07:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14914]: Failed password for root from 176.65.132.22 port 37894 ssh2
May 31 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.17.234  user=root
May 31 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14914]: Connection closed by 176.65.132.22 port 37894 [preauth]
May 31 07:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: Failed password for root from 172.174.17.234 port 41614 ssh2
May 31 07:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: Received disconnect from 172.174.17.234 port 41614:11: Bye Bye [preauth]
May 31 07:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: Disconnected from 172.174.17.234 port 41614 [preauth]
May 31 07:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Failed password for root from 176.65.132.22 port 37906 ssh2
May 31 07:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Connection closed by 176.65.132.22 port 37906 [preauth]
May 31 07:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: Invalid user gpadmin from 176.65.132.22
May 31 07:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: input_userauth_request: invalid user gpadmin [preauth]
May 31 07:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: Failed password for root from 202.133.90.219 port 55482 ssh2
May 31 07:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: Failed password for invalid user gpadmin from 176.65.132.22 port 46404 ssh2
May 31 07:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: Connection closed by 176.65.132.22 port 46404 [preauth]
May 31 07:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: Connection closed by 202.133.90.219 port 55482 [preauth]
May 31 07:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: Failed password for root from 176.65.132.22 port 46406 ssh2
May 31 07:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: Connection closed by 176.65.132.22 port 46406 [preauth]
May 31 07:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: Invalid user admin from 176.65.132.22
May 31 07:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: input_userauth_request: invalid user admin [preauth]
May 31 07:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: Failed password for invalid user admin from 176.65.132.22 port 46414 ssh2
May 31 07:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: Connection closed by 176.65.132.22 port 46414 [preauth]
May 31 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15019]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15020]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15021]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15018]: pam_unix(cron:session): session closed for user p13x
May 31 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15076]: Successful su for rubyman by root
May 31 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15076]: + ??? root:rubyman
May 31 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428062 of user rubyman.
May 31 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15076]: pam_unix(su:session): session closed for user rubyman
May 31 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428062.
May 31 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: Invalid user admin from 176.65.132.22
May 31 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: input_userauth_request: invalid user admin [preauth]
May 31 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12237]: pam_unix(cron:session): session closed for user root
May 31 07:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: Failed password for invalid user admin from 176.65.132.22 port 33134 ssh2
May 31 07:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: Connection closed by 176.65.132.22 port 33134 [preauth]
May 31 07:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15019]: pam_unix(cron:session): session closed for user samftp
May 31 07:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: Invalid user node from 176.65.132.22
May 31 07:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: input_userauth_request: invalid user node [preauth]
May 31 07:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: Failed password for invalid user node from 176.65.132.22 port 33148 ssh2
May 31 07:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: Connection closed by 176.65.132.22 port 33148 [preauth]
May 31 07:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: Invalid user x from 176.65.132.22
May 31 07:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: input_userauth_request: invalid user x [preauth]
May 31 07:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: Failed password for invalid user x from 176.65.132.22 port 54626 ssh2
May 31 07:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: Connection closed by 176.65.132.22 port 54626 [preauth]
May 31 07:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15313]: Invalid user deploy from 176.65.132.22
May 31 07:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15313]: input_userauth_request: invalid user deploy [preauth]
May 31 07:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15313]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15313]: Failed password for invalid user deploy from 176.65.132.22 port 54630 ssh2
May 31 07:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15313]: Connection closed by 176.65.132.22 port 54630 [preauth]
May 31 07:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15335]: Invalid user deploy from 176.65.132.22
May 31 07:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15335]: input_userauth_request: invalid user deploy [preauth]
May 31 07:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15335]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15335]: Failed password for invalid user deploy from 176.65.132.22 port 40242 ssh2
May 31 07:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15335]: Connection closed by 176.65.132.22 port 40242 [preauth]
May 31 07:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15346]: Invalid user deploy from 176.65.132.22
May 31 07:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15346]: input_userauth_request: invalid user deploy [preauth]
May 31 07:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15346]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14101]: pam_unix(cron:session): session closed for user root
May 31 07:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15346]: Failed password for invalid user deploy from 176.65.132.22 port 36214 ssh2
May 31 07:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15346]: Connection closed by 176.65.132.22 port 36214 [preauth]
May 31 07:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: Invalid user adminuser from 176.65.132.22
May 31 07:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: input_userauth_request: invalid user adminuser [preauth]
May 31 07:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: Failed password for invalid user adminuser from 176.65.132.22 port 36216 ssh2
May 31 07:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: Connection closed by 176.65.132.22 port 36216 [preauth]
May 31 07:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: Invalid user hduser from 176.65.132.22
May 31 07:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: input_userauth_request: invalid user hduser [preauth]
May 31 07:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: Failed password for invalid user hduser from 176.65.132.22 port 39700 ssh2
May 31 07:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: Connection closed by 176.65.132.22 port 39700 [preauth]
May 31 07:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15416]: Invalid user admin from 176.65.132.22
May 31 07:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15416]: input_userauth_request: invalid user admin [preauth]
May 31 07:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15416]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15416]: Failed password for invalid user admin from 176.65.132.22 port 48644 ssh2
May 31 07:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15416]: Connection closed by 176.65.132.22 port 48644 [preauth]
May 31 07:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: Invalid user guest from 176.65.132.22
May 31 07:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: input_userauth_request: invalid user guest [preauth]
May 31 07:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: Failed password for invalid user guest from 176.65.132.22 port 48660 ssh2
May 31 07:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: Connection closed by 176.65.132.22 port 48660 [preauth]
May 31 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15443]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15442]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15440]: pam_unix(cron:session): session closed for user p13x
May 31 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15499]: Successful su for rubyman by root
May 31 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15499]: + ??? root:rubyman
May 31 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428064 of user rubyman.
May 31 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15499]: pam_unix(su:session): session closed for user rubyman
May 31 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428064.
May 31 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: Invalid user jellyfin from 176.65.132.22
May 31 07:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: input_userauth_request: invalid user jellyfin [preauth]
May 31 07:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12783]: pam_unix(cron:session): session closed for user root
May 31 07:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: Failed password for invalid user jellyfin from 176.65.132.22 port 53184 ssh2
May 31 07:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15441]: pam_unix(cron:session): session closed for user samftp
May 31 07:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: Connection closed by 176.65.132.22 port 53184 [preauth]
May 31 07:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 07:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
May 31 07:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: Failed password for root from 202.133.90.219 port 49434 ssh2
May 31 07:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: Failed password for root from 193.37.70.224 port 50590 ssh2
May 31 07:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: Connection closed by 193.37.70.224 port 50590 [preauth]
May 31 07:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: Connection closed by 202.133.90.219 port 49434 [preauth]
May 31 07:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Failed password for root from 176.65.132.22 port 53194 ssh2
May 31 07:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Connection closed by 176.65.132.22 port 53194 [preauth]
May 31 07:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Invalid user system from 176.65.132.22
May 31 07:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: input_userauth_request: invalid user system [preauth]
May 31 07:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Failed password for invalid user system from 176.65.132.22 port 53232 ssh2
May 31 07:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Connection closed by 176.65.132.22 port 53232 [preauth]
May 31 07:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15717]: Invalid user odoo18 from 176.65.132.22
May 31 07:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15717]: input_userauth_request: invalid user odoo18 [preauth]
May 31 07:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15717]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15717]: Failed password for invalid user odoo18 from 176.65.132.22 port 53248 ssh2
May 31 07:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15717]: Connection closed by 176.65.132.22 port 53248 [preauth]
May 31 07:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15744]: Invalid user nagios from 176.65.132.22
May 31 07:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15744]: input_userauth_request: invalid user nagios [preauth]
May 31 07:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15744]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15744]: Failed password for invalid user nagios from 176.65.132.22 port 34406 ssh2
May 31 07:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15744]: Connection closed by 176.65.132.22 port 34406 [preauth]
May 31 07:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14515]: pam_unix(cron:session): session closed for user root
May 31 07:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15761]: Failed password for root from 176.65.132.22 port 52394 ssh2
May 31 07:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15761]: Connection closed by 176.65.132.22 port 52394 [preauth]
May 31 07:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15788]: Invalid user csgo from 176.65.132.22
May 31 07:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15788]: input_userauth_request: invalid user csgo [preauth]
May 31 07:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15788]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15788]: Failed password for invalid user csgo from 176.65.132.22 port 52396 ssh2
May 31 07:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15788]: Connection closed by 176.65.132.22 port 52396 [preauth]
May 31 07:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 07:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15811]: Failed password for root from 176.65.132.22 port 45766 ssh2
May 31 07:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15811]: Connection closed by 176.65.132.22 port 45766 [preauth]
May 31 07:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15821]: Invalid user test from 176.65.132.22
May 31 07:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15821]: input_userauth_request: invalid user test [preauth]
May 31 07:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15821]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15821]: Failed password for invalid user test from 176.65.132.22 port 45768 ssh2
May 31 07:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15821]: Connection closed by 176.65.132.22 port 45768 [preauth]
May 31 07:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 07:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: Invalid user devops from 176.65.132.22
May 31 07:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: input_userauth_request: invalid user devops [preauth]
May 31 07:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: pam_unix(sshd:auth): check pass; user unknown
May 31 07:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 07:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: Failed password for invalid user devops from 176.65.132.22 port 58516 ssh2
May 31 07:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: Connection closed by 176.65.132.22 port 58516 [preauth]
May 31 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15848]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15847]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15845]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15846]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15850]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15845]: pam_unix(cron:session): session closed for user root
May 31 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15850]: pam_unix(cron:session): session closed for user root
May 31 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15843]: pam_unix(cron:session): session closed for user p13x
May 31 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15933]: Successful su for rubyman by root
May 31 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15933]: + ??? root:rubyman
May 31 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428073 of user rubyman.
May 31 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15933]: pam_unix(su:session): session closed for user rubyman
May 31 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428073.
May 31 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13233]: pam_unix(cron:session): session closed for user root
May 31 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15846]: pam_unix(cron:session): session closed for user root
May 31 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15924]: Failed password for root from 176.65.132.22 port 36038 ssh2
May 31 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15924]: Connection closed by 176.65.132.22 port 36038 [preauth]
May 31 08:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15844]: pam_unix(cron:session): session closed for user samftp
May 31 08:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: Invalid user guest from 176.65.132.22
May 31 08:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: input_userauth_request: invalid user guest [preauth]
May 31 08:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: Failed password for invalid user guest from 176.65.132.22 port 36042 ssh2
May 31 08:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: Connection closed by 176.65.132.22 port 36042 [preauth]
May 31 08:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: Invalid user user from 176.65.132.22
May 31 08:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: input_userauth_request: invalid user user [preauth]
May 31 08:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: Failed password for invalid user user from 176.65.132.22 port 56374 ssh2
May 31 08:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: Connection closed by 176.65.132.22 port 56374 [preauth]
May 31 08:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: Invalid user ubuntu from 176.65.132.22
May 31 08:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: input_userauth_request: invalid user ubuntu [preauth]
May 31 08:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: Failed password for invalid user ubuntu from 176.65.132.22 port 56396 ssh2
May 31 08:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: Connection closed by 176.65.132.22 port 56396 [preauth]
May 31 08:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: Failed password for root from 176.65.132.22 port 33140 ssh2
May 31 08:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: Connection closed by 176.65.132.22 port 33140 [preauth]
May 31 08:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15021]: pam_unix(cron:session): session closed for user root
May 31 08:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: Invalid user botuser from 176.65.132.22
May 31 08:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: input_userauth_request: invalid user botuser [preauth]
May 31 08:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: Failed password for invalid user botuser from 176.65.132.22 port 37476 ssh2
May 31 08:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: Connection closed by 176.65.132.22 port 37476 [preauth]
May 31 08:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: Failed password for root from 202.133.90.219 port 56380 ssh2
May 31 08:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: Invalid user test from 176.65.132.22
May 31 08:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: input_userauth_request: invalid user test [preauth]
May 31 08:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: Connection closed by 202.133.90.219 port 56380 [preauth]
May 31 08:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: Failed password for invalid user test from 176.65.132.22 port 37488 ssh2
May 31 08:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: Connection closed by 176.65.132.22 port 37488 [preauth]
May 31 08:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.17.234  user=root
May 31 08:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16307]: Failed password for root from 176.65.132.22 port 33264 ssh2
May 31 08:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16307]: Connection closed by 176.65.132.22 port 33264 [preauth]
May 31 08:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16309]: Failed password for root from 172.174.17.234 port 58446 ssh2
May 31 08:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16309]: Received disconnect from 172.174.17.234 port 58446:11: Bye Bye [preauth]
May 31 08:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16309]: Disconnected from 172.174.17.234 port 58446 [preauth]
May 31 08:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16319]: Invalid user system from 176.65.132.22
May 31 08:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16319]: input_userauth_request: invalid user system [preauth]
May 31 08:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16319]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16319]: Failed password for invalid user system from 176.65.132.22 port 33282 ssh2
May 31 08:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16319]: Connection closed by 176.65.132.22 port 33282 [preauth]
May 31 08:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16329]: Invalid user minecraft from 176.65.132.22
May 31 08:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16329]: input_userauth_request: invalid user minecraft [preauth]
May 31 08:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16329]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16329]: Failed password for invalid user minecraft from 176.65.132.22 port 55938 ssh2
May 31 08:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16329]: Connection closed by 176.65.132.22 port 55938 [preauth]
May 31 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16343]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16342]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16340]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16340]: pam_unix(cron:session): session closed for user p13x
May 31 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16414]: Successful su for rubyman by root
May 31 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16414]: + ??? root:rubyman
May 31 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428076 of user rubyman.
May 31 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16414]: pam_unix(su:session): session closed for user rubyman
May 31 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428076.
May 31 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16449]: Invalid user guest from 176.65.132.22
May 31 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16449]: input_userauth_request: invalid user guest [preauth]
May 31 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16449]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13642]: pam_unix(cron:session): session closed for user root
May 31 08:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16449]: Failed password for invalid user guest from 176.65.132.22 port 44736 ssh2
May 31 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16449]: Connection closed by 176.65.132.22 port 44736 [preauth]
May 31 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16341]: pam_unix(cron:session): session closed for user samftp
May 31 08:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: Invalid user testuser from 176.65.132.22
May 31 08:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: input_userauth_request: invalid user testuser [preauth]
May 31 08:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: Failed password for invalid user testuser from 176.65.132.22 port 44746 ssh2
May 31 08:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: Connection closed by 176.65.132.22 port 44746 [preauth]
May 31 08:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16601]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 08:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16601]: Received disconnect from 185.255.100.196 port 37154:11: disconnected by user [preauth]
May 31 08:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16601]: Disconnected from 185.255.100.196 port 37154 [preauth]
May 31 08:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16623]: Failed password for root from 176.65.132.22 port 42766 ssh2
May 31 08:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16623]: Connection closed by 176.65.132.22 port 42766 [preauth]
May 31 08:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16635]: Invalid user openvpn from 176.65.132.22
May 31 08:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16635]: input_userauth_request: invalid user openvpn [preauth]
May 31 08:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16635]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16635]: Failed password for invalid user openvpn from 176.65.132.22 port 43446 ssh2
May 31 08:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16635]: Connection closed by 176.65.132.22 port 43446 [preauth]
May 31 08:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: Invalid user kevin from 176.65.132.22
May 31 08:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: input_userauth_request: invalid user kevin [preauth]
May 31 08:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: Failed password for invalid user kevin from 176.65.132.22 port 43462 ssh2
May 31 08:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: Connection closed by 176.65.132.22 port 43462 [preauth]
May 31 08:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15443]: pam_unix(cron:session): session closed for user root
May 31 08:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16681]: Invalid user admin from 176.65.132.22
May 31 08:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16681]: input_userauth_request: invalid user admin [preauth]
May 31 08:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16681]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16681]: Failed password for invalid user admin from 176.65.132.22 port 57614 ssh2
May 31 08:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16681]: Connection closed by 176.65.132.22 port 57614 [preauth]
May 31 08:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Invalid user admin from 206.72.205.99
May 31 08:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: input_userauth_request: invalid user admin [preauth]
May 31 08:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99
May 31 08:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Failed password for invalid user admin from 206.72.205.99 port 41422 ssh2
May 31 08:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Connection closed by 206.72.205.99 port 41422 [preauth]
May 31 08:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16711]: Invalid user user from 176.65.132.22
May 31 08:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16711]: input_userauth_request: invalid user user [preauth]
May 31 08:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16711]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16711]: Failed password for invalid user user from 176.65.132.22 port 57618 ssh2
May 31 08:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16711]: Connection closed by 176.65.132.22 port 57618 [preauth]
May 31 08:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: Invalid user frappe from 176.65.132.22
May 31 08:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: input_userauth_request: invalid user frappe [preauth]
May 31 08:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: Failed password for invalid user frappe from 176.65.132.22 port 45464 ssh2
May 31 08:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: Connection closed by 176.65.132.22 port 45464 [preauth]
May 31 08:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16743]: Invalid user frappe from 176.65.132.22
May 31 08:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16743]: input_userauth_request: invalid user frappe [preauth]
May 31 08:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16743]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16743]: Failed password for invalid user frappe from 176.65.132.22 port 48294 ssh2
May 31 08:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16743]: Connection closed by 176.65.132.22 port 48294 [preauth]
May 31 08:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16754]: Invalid user crafty from 176.65.132.22
May 31 08:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16754]: input_userauth_request: invalid user crafty [preauth]
May 31 08:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16754]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16754]: Failed password for invalid user crafty from 176.65.132.22 port 48304 ssh2
May 31 08:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16754]: Connection closed by 176.65.132.22 port 48304 [preauth]
May 31 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16770]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16771]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16769]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16768]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16768]: pam_unix(cron:session): session closed for user p13x
May 31 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16827]: Successful su for rubyman by root
May 31 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16827]: + ??? root:rubyman
May 31 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428079 of user rubyman.
May 31 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16827]: pam_unix(su:session): session closed for user rubyman
May 31 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428079.
May 31 08:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14100]: pam_unix(cron:session): session closed for user root
May 31 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: User mysql from 176.65.132.22 not allowed because not listed in AllowUsers
May 31 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: input_userauth_request: invalid user mysql [preauth]
May 31 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=mysql
May 31 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16769]: pam_unix(cron:session): session closed for user samftp
May 31 08:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: Failed password for invalid user mysql from 176.65.132.22 port 40868 ssh2
May 31 08:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: Connection closed by 176.65.132.22 port 40868 [preauth]
May 31 08:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16756]: Failed password for root from 202.133.90.219 port 55514 ssh2
May 31 08:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16756]: Connection closed by 202.133.90.219 port 55514 [preauth]
May 31 08:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17007]: Invalid user user from 176.65.132.22
May 31 08:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17007]: input_userauth_request: invalid user user [preauth]
May 31 08:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17007]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17007]: Failed password for invalid user user from 176.65.132.22 port 40884 ssh2
May 31 08:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17007]: Connection closed by 176.65.132.22 port 40884 [preauth]
May 31 08:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17039]: Invalid user media from 176.65.132.22
May 31 08:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17039]: input_userauth_request: invalid user media [preauth]
May 31 08:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17039]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17039]: Failed password for invalid user media from 176.65.132.22 port 59024 ssh2
May 31 08:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17039]: Connection closed by 176.65.132.22 port 59024 [preauth]
May 31 08:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: Invalid user orangepi from 206.72.205.99
May 31 08:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: input_userauth_request: invalid user orangepi [preauth]
May 31 08:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99
May 31 08:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: Invalid user testuser from 176.65.132.22
May 31 08:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: input_userauth_request: invalid user testuser [preauth]
May 31 08:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: Failed password for invalid user orangepi from 206.72.205.99 port 57192 ssh2
May 31 08:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: Connection closed by 206.72.205.99 port 57192 [preauth]
May 31 08:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: Failed password for invalid user testuser from 176.65.132.22 port 52118 ssh2
May 31 08:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: Connection closed by 176.65.132.22 port 52118 [preauth]
May 31 08:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17078]: Invalid user testuser from 176.65.132.22
May 31 08:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17078]: input_userauth_request: invalid user testuser [preauth]
May 31 08:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17078]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17078]: Failed password for invalid user testuser from 176.65.132.22 port 52130 ssh2
May 31 08:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17078]: Connection closed by 176.65.132.22 port 52130 [preauth]
May 31 08:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15848]: pam_unix(cron:session): session closed for user root
May 31 08:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: Invalid user ai from 176.65.132.22
May 31 08:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: input_userauth_request: invalid user ai [preauth]
May 31 08:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: Failed password for invalid user ai from 176.65.132.22 port 54302 ssh2
May 31 08:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: Connection closed by 176.65.132.22 port 54302 [preauth]
May 31 08:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: Invalid user ai from 176.65.132.22
May 31 08:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: input_userauth_request: invalid user ai [preauth]
May 31 08:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: Failed password for invalid user ai from 176.65.132.22 port 54304 ssh2
May 31 08:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: Connection closed by 176.65.132.22 port 54304 [preauth]
May 31 08:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17142]: Failed password for root from 176.65.132.22 port 40800 ssh2
May 31 08:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17142]: Connection closed by 176.65.132.22 port 40800 [preauth]
May 31 08:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: Failed password for root from 176.65.132.22 port 41976 ssh2
May 31 08:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: Connection closed by 176.65.132.22 port 41976 [preauth]
May 31 08:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
May 31 08:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17162]: Failed password for root from 103.153.68.219 port 59048 ssh2
May 31 08:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17162]: Connection closed by 103.153.68.219 port 59048 [preauth]
May 31 08:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: Failed password for root from 176.65.132.22 port 41992 ssh2
May 31 08:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: Connection closed by 176.65.132.22 port 41992 [preauth]
May 31 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17177]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17178]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17175]: pam_unix(cron:session): session closed for user p13x
May 31 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17232]: Successful su for rubyman by root
May 31 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17232]: + ??? root:rubyman
May 31 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428083 of user rubyman.
May 31 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17232]: pam_unix(su:session): session closed for user rubyman
May 31 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428083.
May 31 08:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14514]: pam_unix(cron:session): session closed for user root
May 31 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17390]: Invalid user server from 176.65.132.22
May 31 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17390]: input_userauth_request: invalid user server [preauth]
May 31 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17390]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17176]: pam_unix(cron:session): session closed for user samftp
May 31 08:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: Failed password for root from 206.72.205.99 port 33018 ssh2
May 31 08:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: Connection closed by 206.72.205.99 port 33018 [preauth]
May 31 08:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17390]: Failed password for invalid user server from 176.65.132.22 port 49738 ssh2
May 31 08:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17390]: Connection closed by 176.65.132.22 port 49738 [preauth]
May 31 08:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17436]: Invalid user system from 176.65.132.22
May 31 08:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17436]: input_userauth_request: invalid user system [preauth]
May 31 08:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17436]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17436]: Failed password for invalid user system from 176.65.132.22 port 49754 ssh2
May 31 08:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17436]: Connection closed by 176.65.132.22 port 49754 [preauth]
May 31 08:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: Failed password for root from 176.65.132.22 port 42376 ssh2
May 31 08:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: Connection closed by 176.65.132.22 port 42376 [preauth]
May 31 08:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: Invalid user git from 176.65.132.22
May 31 08:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: input_userauth_request: invalid user git [preauth]
May 31 08:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: Failed password for invalid user git from 176.65.132.22 port 58248 ssh2
May 31 08:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: Connection closed by 176.65.132.22 port 58248 [preauth]
May 31 08:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: Invalid user app from 176.65.132.22
May 31 08:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: input_userauth_request: invalid user app [preauth]
May 31 08:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17474]: Failed password for root from 202.133.90.219 port 45724 ssh2
May 31 08:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: Failed password for invalid user app from 176.65.132.22 port 58258 ssh2
May 31 08:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: Connection closed by 176.65.132.22 port 58258 [preauth]
May 31 08:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17474]: Connection closed by 202.133.90.219 port 45724 [preauth]
May 31 08:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16343]: pam_unix(cron:session): session closed for user root
May 31 08:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: Failed password for root from 176.65.132.22 port 44588 ssh2
May 31 08:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: Connection closed by 176.65.132.22 port 44588 [preauth]
May 31 08:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17543]: Failed password for root from 176.65.132.22 port 33538 ssh2
May 31 08:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17543]: Connection closed by 176.65.132.22 port 33538 [preauth]
May 31 08:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Failed password for root from 176.65.132.22 port 33554 ssh2
May 31 08:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Connection closed by 176.65.132.22 port 33554 [preauth]
May 31 08:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17570]: Failed password for root from 206.72.205.99 port 60284 ssh2
May 31 08:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17570]: Connection closed by 206.72.205.99 port 60284 [preauth]
May 31 08:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: Invalid user gitlab-runner from 176.65.132.22
May 31 08:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: input_userauth_request: invalid user gitlab-runner [preauth]
May 31 08:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: Failed password for invalid user gitlab-runner from 176.65.132.22 port 37854 ssh2
May 31 08:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: Connection closed by 176.65.132.22 port 37854 [preauth]
May 31 08:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17590]: Invalid user admin from 176.65.132.22
May 31 08:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17590]: input_userauth_request: invalid user admin [preauth]
May 31 08:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17590]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17603]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17604]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17601]: pam_unix(cron:session): session closed for user p13x
May 31 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17590]: Failed password for invalid user admin from 176.65.132.22 port 37870 ssh2
May 31 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17737]: Successful su for rubyman by root
May 31 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17737]: + ??? root:rubyman
May 31 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428088 of user rubyman.
May 31 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17737]: pam_unix(su:session): session closed for user rubyman
May 31 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428088.
May 31 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17590]: Connection closed by 176.65.132.22 port 37870 [preauth]
May 31 08:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15020]: pam_unix(cron:session): session closed for user root
May 31 08:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17602]: pam_unix(cron:session): session closed for user samftp
May 31 08:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17924]: Invalid user app from 176.65.132.22
May 31 08:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17924]: input_userauth_request: invalid user app [preauth]
May 31 08:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17924]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: Invalid user ubuntu from 172.174.17.234
May 31 08:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: input_userauth_request: invalid user ubuntu [preauth]
May 31 08:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.17.234
May 31 08:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17924]: Failed password for invalid user app from 176.65.132.22 port 35834 ssh2
May 31 08:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17924]: Connection closed by 176.65.132.22 port 35834 [preauth]
May 31 08:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: Failed password for invalid user ubuntu from 172.174.17.234 port 55022 ssh2
May 31 08:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: Received disconnect from 172.174.17.234 port 55022:11: Bye Bye [preauth]
May 31 08:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: Disconnected from 172.174.17.234 port 55022 [preauth]
May 31 08:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: Invalid user app from 176.65.132.22
May 31 08:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: input_userauth_request: invalid user app [preauth]
May 31 08:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: Failed password for invalid user app from 176.65.132.22 port 43472 ssh2
May 31 08:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: Connection closed by 176.65.132.22 port 43472 [preauth]
May 31 08:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: Invalid user bot from 176.65.132.22
May 31 08:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: input_userauth_request: invalid user bot [preauth]
May 31 08:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: Failed password for invalid user bot from 176.65.132.22 port 43474 ssh2
May 31 08:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: Connection closed by 176.65.132.22 port 43474 [preauth]
May 31 08:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17985]: Invalid user guest from 176.65.132.22
May 31 08:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17985]: input_userauth_request: invalid user guest [preauth]
May 31 08:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17985]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17985]: Failed password for invalid user guest from 176.65.132.22 port 41650 ssh2
May 31 08:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17985]: Connection closed by 176.65.132.22 port 41650 [preauth]
May 31 08:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: Invalid user guest from 176.65.132.22
May 31 08:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: input_userauth_request: invalid user guest [preauth]
May 31 08:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: Failed password for invalid user guest from 176.65.132.22 port 41654 ssh2
May 31 08:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: Connection closed by 176.65.132.22 port 41654 [preauth]
May 31 08:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16771]: pam_unix(cron:session): session closed for user root
May 31 08:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: Failed password for root from 206.72.205.99 port 51476 ssh2
May 31 08:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: Connection closed by 206.72.205.99 port 51476 [preauth]
May 31 08:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: Invalid user tester from 176.65.132.22
May 31 08:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: input_userauth_request: invalid user tester [preauth]
May 31 08:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: Failed password for invalid user tester from 176.65.132.22 port 38980 ssh2
May 31 08:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: Connection closed by 176.65.132.22 port 38980 [preauth]
May 31 08:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: Invalid user webmaster from 176.65.132.22
May 31 08:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: input_userauth_request: invalid user webmaster [preauth]
May 31 08:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: Failed password for invalid user webmaster from 176.65.132.22 port 41190 ssh2
May 31 08:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: Connection closed by 176.65.132.22 port 41190 [preauth]
May 31 08:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Received disconnect from 74.48.69.130 port 42576:11: disconnected by user [preauth]
May 31 08:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Disconnected from 74.48.69.130 port 42576 [preauth]
May 31 08:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18089]: Failed password for root from 176.65.132.22 port 41196 ssh2
May 31 08:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18089]: Connection closed by 176.65.132.22 port 41196 [preauth]
May 31 08:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Failed password for root from 176.65.132.22 port 52708 ssh2
May 31 08:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Connection closed by 176.65.132.22 port 52708 [preauth]
May 31 08:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: Invalid user odoo18 from 176.65.132.22
May 31 08:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: input_userauth_request: invalid user odoo18 [preauth]
May 31 08:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18126]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18128]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18129]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18127]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18129]: pam_unix(cron:session): session closed for user root
May 31 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18124]: pam_unix(cron:session): session closed for user p13x
May 31 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18198]: Successful su for rubyman by root
May 31 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18198]: + ??? root:rubyman
May 31 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428094 of user rubyman.
May 31 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18198]: pam_unix(su:session): session closed for user rubyman
May 31 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428094.
May 31 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18099]: Failed password for root from 202.133.90.219 port 34828 ssh2
May 31 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: Failed password for invalid user odoo18 from 176.65.132.22 port 52720 ssh2
May 31 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18126]: pam_unix(cron:session): session closed for user root
May 31 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: Connection closed by 176.65.132.22 port 52720 [preauth]
May 31 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18099]: Connection closed by 202.133.90.219 port 34828 [preauth]
May 31 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15442]: pam_unix(cron:session): session closed for user root
May 31 08:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18125]: pam_unix(cron:session): session closed for user samftp
May 31 08:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18494]: Invalid user appuser from 176.65.132.22
May 31 08:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18494]: input_userauth_request: invalid user appuser [preauth]
May 31 08:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18494]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18494]: Failed password for invalid user appuser from 176.65.132.22 port 50906 ssh2
May 31 08:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18494]: Connection closed by 176.65.132.22 port 50906 [preauth]
May 31 08:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: Failed password for root from 176.65.132.22 port 33896 ssh2
May 31 08:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: Connection closed by 176.65.132.22 port 33896 [preauth]
May 31 08:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18533]: Failed password for root from 206.72.205.99 port 44056 ssh2
May 31 08:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18533]: Connection closed by 206.72.205.99 port 44056 [preauth]
May 31 08:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18535]: Failed password for root from 176.65.132.22 port 33908 ssh2
May 31 08:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18535]: Connection closed by 176.65.132.22 port 33908 [preauth]
May 31 08:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18545]: Failed password for root from 176.65.132.22 port 58482 ssh2
May 31 08:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18545]: Connection closed by 176.65.132.22 port 58482 [preauth]
May 31 08:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18574]: Invalid user adminuser from 176.65.132.22
May 31 08:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18574]: input_userauth_request: invalid user adminuser [preauth]
May 31 08:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18574]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17178]: pam_unix(cron:session): session closed for user root
May 31 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18574]: Failed password for invalid user adminuser from 176.65.132.22 port 58496 ssh2
May 31 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18574]: Connection closed by 176.65.132.22 port 58496 [preauth]
May 31 08:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: Invalid user adminuser from 176.65.132.22
May 31 08:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: input_userauth_request: invalid user adminuser [preauth]
May 31 08:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: Failed password for invalid user adminuser from 176.65.132.22 port 56400 ssh2
May 31 08:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: Connection closed by 176.65.132.22 port 56400 [preauth]
May 31 08:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: Invalid user ghost from 176.65.132.22
May 31 08:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: input_userauth_request: invalid user ghost [preauth]
May 31 08:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: Failed password for invalid user ghost from 176.65.132.22 port 56164 ssh2
May 31 08:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: Connection closed by 176.65.132.22 port 56164 [preauth]
May 31 08:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Invalid user cloud from 176.65.132.22
May 31 08:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: input_userauth_request: invalid user cloud [preauth]
May 31 08:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Failed password for invalid user cloud from 176.65.132.22 port 56176 ssh2
May 31 08:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Connection closed by 176.65.132.22 port 56176 [preauth]
May 31 08:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: Invalid user master from 176.65.132.22
May 31 08:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: input_userauth_request: invalid user master [preauth]
May 31 08:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: Failed password for invalid user master from 176.65.132.22 port 40988 ssh2
May 31 08:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: Connection closed by 176.65.132.22 port 40988 [preauth]
May 31 08:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.22.41  user=root
May 31 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18677]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18676]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18674]: pam_unix(cron:session): session closed for user p13x
May 31 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: Invalid user ftpuser from 176.65.132.22
May 31 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: input_userauth_request: invalid user ftpuser [preauth]
May 31 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: Failed password for root from 185.236.22.41 port 56514 ssh2
May 31 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18751]: Successful su for rubyman by root
May 31 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18751]: + ??? root:rubyman
May 31 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18751]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428098 of user rubyman.
May 31 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18751]: pam_unix(su:session): session closed for user rubyman
May 31 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428098.
May 31 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: Connection closed by 185.236.22.41 port 56514 [preauth]
May 31 08:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: Failed password for invalid user ftpuser from 176.65.132.22 port 57886 ssh2
May 31 08:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: Connection closed by 176.65.132.22 port 57886 [preauth]
May 31 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15847]: pam_unix(cron:session): session closed for user root
May 31 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18675]: pam_unix(cron:session): session closed for user samftp
May 31 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18949]: Invalid user ec2-user from 176.65.132.22
May 31 08:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18949]: input_userauth_request: invalid user ec2-user [preauth]
May 31 08:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18937]: Failed password for root from 206.72.205.99 port 54000 ssh2
May 31 08:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18949]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18937]: Connection closed by 206.72.205.99 port 54000 [preauth]
May 31 08:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18949]: Failed password for invalid user ec2-user from 176.65.132.22 port 57888 ssh2
May 31 08:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18949]: Connection closed by 176.65.132.22 port 57888 [preauth]
May 31 08:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18979]: Failed password for root from 176.65.132.22 port 33986 ssh2
May 31 08:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18979]: Connection closed by 176.65.132.22 port 33986 [preauth]
May 31 08:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18991]: Invalid user master from 176.65.132.22
May 31 08:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18991]: input_userauth_request: invalid user master [preauth]
May 31 08:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18991]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18991]: Failed password for invalid user master from 176.65.132.22 port 33990 ssh2
May 31 08:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18991]: Connection closed by 176.65.132.22 port 33990 [preauth]
May 31 08:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19017]: Invalid user ossuser from 176.65.132.22
May 31 08:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19017]: input_userauth_request: invalid user ossuser [preauth]
May 31 08:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19017]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19017]: Failed password for invalid user ossuser from 176.65.132.22 port 51224 ssh2
May 31 08:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19017]: Connection closed by 176.65.132.22 port 51224 [preauth]
May 31 08:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18993]: Failed password for root from 202.133.90.219 port 35754 ssh2
May 31 08:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18993]: Connection closed by 202.133.90.219 port 35754 [preauth]
May 31 08:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17604]: pam_unix(cron:session): session closed for user root
May 31 08:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19027]: Failed password for root from 176.65.132.22 port 34654 ssh2
May 31 08:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19027]: Connection closed by 176.65.132.22 port 34654 [preauth]
May 31 08:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: Invalid user user1 from 176.65.132.22
May 31 08:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: input_userauth_request: invalid user user1 [preauth]
May 31 08:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: Failed password for invalid user user1 from 176.65.132.22 port 34662 ssh2
May 31 08:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: Connection closed by 176.65.132.22 port 34662 [preauth]
May 31 08:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May 31 08:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19069]: Invalid user user1 from 176.65.132.22
May 31 08:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19069]: input_userauth_request: invalid user user1 [preauth]
May 31 08:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19069]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: Failed password for root from 80.94.95.115 port 55214 ssh2
May 31 08:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: Connection closed by 80.94.95.115 port 55214 [preauth]
May 31 08:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19069]: Failed password for invalid user user1 from 176.65.132.22 port 53486 ssh2
May 31 08:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19069]: Connection closed by 176.65.132.22 port 53486 [preauth]
May 31 08:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: Invalid user ai from 176.65.132.22
May 31 08:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: input_userauth_request: invalid user ai [preauth]
May 31 08:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: Failed password for invalid user ai from 176.65.132.22 port 53494 ssh2
May 31 08:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: Connection closed by 176.65.132.22 port 53494 [preauth]
May 31 08:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: Failed password for root from 206.72.205.99 port 57788 ssh2
May 31 08:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: Connection closed by 206.72.205.99 port 57788 [preauth]
May 31 08:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Invalid user ai from 176.65.132.22
May 31 08:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: input_userauth_request: invalid user ai [preauth]
May 31 08:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Failed password for invalid user ai from 176.65.132.22 port 33432 ssh2
May 31 08:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Connection closed by 176.65.132.22 port 33432 [preauth]
May 31 08:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.98.239  user=root
May 31 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19230]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19229]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19226]: pam_unix(cron:session): session closed for user p13x
May 31 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19293]: Successful su for rubyman by root
May 31 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19293]: + ??? root:rubyman
May 31 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428101 of user rubyman.
May 31 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19293]: pam_unix(su:session): session closed for user rubyman
May 31 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428101.
May 31 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19291]: Invalid user ftpuser1 from 176.65.132.22
May 31 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19291]: input_userauth_request: invalid user ftpuser1 [preauth]
May 31 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19291]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: Failed password for root from 94.159.98.239 port 42470 ssh2
May 31 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: Connection closed by 94.159.98.239 port 42470 [preauth]
May 31 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19117]: Received disconnect from 45.78.194.186 port 39218:11: Bye Bye [preauth]
May 31 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19117]: Disconnected from 45.78.194.186 port 39218 [preauth]
May 31 08:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19291]: Failed password for invalid user ftpuser1 from 176.65.132.22 port 46308 ssh2
May 31 08:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16342]: pam_unix(cron:session): session closed for user root
May 31 08:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19291]: Connection closed by 176.65.132.22 port 46308 [preauth]
May 31 08:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19227]: pam_unix(cron:session): session closed for user samftp
May 31 08:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19482]: Invalid user work from 176.65.132.22
May 31 08:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19482]: input_userauth_request: invalid user work [preauth]
May 31 08:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19482]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19482]: Failed password for invalid user work from 176.65.132.22 port 46318 ssh2
May 31 08:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19482]: Connection closed by 176.65.132.22 port 46318 [preauth]
May 31 08:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Invalid user student from 176.65.132.22
May 31 08:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: input_userauth_request: invalid user student [preauth]
May 31 08:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Failed password for invalid user student from 176.65.132.22 port 43932 ssh2
May 31 08:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Connection closed by 176.65.132.22 port 43932 [preauth]
May 31 08:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
May 31 08:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: Invalid user deployer from 176.65.132.22
May 31 08:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: input_userauth_request: invalid user deployer [preauth]
May 31 08:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: Failed password for root from 147.45.199.80 port 56310 ssh2
May 31 08:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: Connection closed by 147.45.199.80 port 56310 [preauth]
May 31 08:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: Failed password for invalid user deployer from 176.65.132.22 port 43946 ssh2
May 31 08:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: Connection closed by 176.65.132.22 port 43946 [preauth]
May 31 08:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: Invalid user ansible from 176.65.132.22
May 31 08:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: input_userauth_request: invalid user ansible [preauth]
May 31 08:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: Failed password for invalid user ansible from 176.65.132.22 port 57602 ssh2
May 31 08:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: Connection closed by 176.65.132.22 port 57602 [preauth]
May 31 08:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: Invalid user deploy from 176.65.132.22
May 31 08:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: input_userauth_request: invalid user deploy [preauth]
May 31 08:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18128]: pam_unix(cron:session): session closed for user root
May 31 08:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: Failed password for invalid user deploy from 176.65.132.22 port 42114 ssh2
May 31 08:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: Connection closed by 176.65.132.22 port 42114 [preauth]
May 31 08:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Invalid user test from 206.72.205.99
May 31 08:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: input_userauth_request: invalid user test [preauth]
May 31 08:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99
May 31 08:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19790]: Invalid user uftp from 176.65.132.22
May 31 08:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19790]: input_userauth_request: invalid user uftp [preauth]
May 31 08:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19790]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19790]: Failed password for invalid user uftp from 176.65.132.22 port 42118 ssh2
May 31 08:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19790]: Connection closed by 176.65.132.22 port 42118 [preauth]
May 31 08:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Failed password for invalid user test from 206.72.205.99 port 47560 ssh2
May 31 08:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Connection closed by 206.72.205.99 port 47560 [preauth]
May 31 08:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: Invalid user openclaw from 176.65.132.22
May 31 08:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: input_userauth_request: invalid user openclaw [preauth]
May 31 08:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: Failed password for invalid user openclaw from 176.65.132.22 port 39238 ssh2
May 31 08:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: Connection closed by 176.65.132.22 port 39238 [preauth]
May 31 08:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: Invalid user deploy from 176.65.132.22
May 31 08:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: input_userauth_request: invalid user deploy [preauth]
May 31 08:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: Failed password for invalid user deploy from 176.65.132.22 port 39256 ssh2
May 31 08:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: Connection closed by 176.65.132.22 port 39256 [preauth]
May 31 08:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19846]: Failed password for root from 176.65.132.22 port 42952 ssh2
May 31 08:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19846]: Connection closed by 176.65.132.22 port 42952 [preauth]
May 31 08:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Received disconnect from 31.42.184.158 port 60732:11: disconnected by user [preauth]
May 31 08:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Disconnected from 31.42.184.158 port 60732 [preauth]
May 31 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19868]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19866]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19867]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19864]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19864]: pam_unix(cron:session): session closed for user p13x
May 31 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19926]: Successful su for rubyman by root
May 31 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19926]: + ??? root:rubyman
May 31 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19926]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428106 of user rubyman.
May 31 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19926]: pam_unix(su:session): session closed for user rubyman
May 31 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428106.
May 31 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19831]: Failed password for root from 202.133.90.219 port 49238 ssh2
May 31 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19831]: Connection closed by 202.133.90.219 port 49238 [preauth]
May 31 08:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16770]: pam_unix(cron:session): session closed for user root
May 31 08:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: Failed password for root from 176.65.132.22 port 52778 ssh2
May 31 08:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: Connection closed by 176.65.132.22 port 52778 [preauth]
May 31 08:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19866]: pam_unix(cron:session): session closed for user samftp
May 31 08:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: Invalid user operator from 176.65.132.22
May 31 08:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: input_userauth_request: invalid user operator [preauth]
May 31 08:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: Failed password for invalid user operator from 176.65.132.22 port 52806 ssh2
May 31 08:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: Connection closed by 176.65.132.22 port 52806 [preauth]
May 31 08:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20228]: Failed password for root from 176.65.132.22 port 39816 ssh2
May 31 08:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20228]: Connection closed by 176.65.132.22 port 39816 [preauth]
May 31 08:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: User nobody from 176.65.132.22 not allowed because not listed in AllowUsers
May 31 08:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: input_userauth_request: invalid user nobody [preauth]
May 31 08:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=nobody
May 31 08:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: Failed password for invalid user nobody from 176.65.132.22 port 39832 ssh2
May 31 08:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: Connection closed by 176.65.132.22 port 39832 [preauth]
May 31 08:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: Invalid user user from 206.72.205.99
May 31 08:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: input_userauth_request: invalid user user [preauth]
May 31 08:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99
May 31 08:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: Failed password for invalid user user from 206.72.205.99 port 50216 ssh2
May 31 08:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: Connection closed by 206.72.205.99 port 50216 [preauth]
May 31 08:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: Invalid user test from 176.65.132.22
May 31 08:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: input_userauth_request: invalid user test [preauth]
May 31 08:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: Failed password for invalid user test from 176.65.132.22 port 37646 ssh2
May 31 08:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: Connection closed by 176.65.132.22 port 37646 [preauth]
May 31 08:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: Invalid user playground from 176.65.132.22
May 31 08:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: input_userauth_request: invalid user playground [preauth]
May 31 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18677]: pam_unix(cron:session): session closed for user root
May 31 08:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: Failed password for invalid user playground from 176.65.132.22 port 56404 ssh2
May 31 08:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: Connection closed by 176.65.132.22 port 56404 [preauth]
May 31 08:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20313]: Invalid user ivan from 45.78.194.186
May 31 08:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20313]: input_userauth_request: invalid user ivan [preauth]
May 31 08:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20313]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.194.186
May 31 08:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20313]: Failed password for invalid user ivan from 45.78.194.186 port 55542 ssh2
May 31 08:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20315]: Failed password for root from 176.65.132.22 port 56418 ssh2
May 31 08:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20315]: Connection closed by 176.65.132.22 port 56418 [preauth]
May 31 08:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20313]: Received disconnect from 45.78.194.186 port 55542:11: Bye Bye [preauth]
May 31 08:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20313]: Disconnected from 45.78.194.186 port 55542 [preauth]
May 31 08:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20342]: Failed password for root from 176.65.132.22 port 39840 ssh2
May 31 08:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20342]: Connection closed by 176.65.132.22 port 39840 [preauth]
May 31 08:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20354]: Failed password for root from 176.65.132.22 port 39862 ssh2
May 31 08:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20354]: Connection closed by 176.65.132.22 port 39862 [preauth]
May 31 08:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: Invalid user teamspeak from 176.65.132.22
May 31 08:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: input_userauth_request: invalid user teamspeak [preauth]
May 31 08:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: Failed password for invalid user teamspeak from 176.65.132.22 port 40356 ssh2
May 31 08:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: Connection closed by 176.65.132.22 port 40356 [preauth]
May 31 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20393]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20394]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20389]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20391]: pam_unix(cron:session): session closed for user p13x
May 31 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20506]: Successful su for rubyman by root
May 31 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20506]: + ??? root:rubyman
May 31 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428109 of user rubyman.
May 31 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20506]: pam_unix(su:session): session closed for user rubyman
May 31 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428109.
May 31 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20389]: pam_unix(cron:session): session closed for user root
May 31 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20565]: Invalid user splunk from 176.65.132.22
May 31 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20565]: input_userauth_request: invalid user splunk [preauth]
May 31 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20565]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17177]: pam_unix(cron:session): session closed for user root
May 31 08:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20565]: Failed password for invalid user splunk from 176.65.132.22 port 55254 ssh2
May 31 08:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20392]: pam_unix(cron:session): session closed for user samftp
May 31 08:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20565]: Connection closed by 176.65.132.22 port 55254 [preauth]
May 31 08:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
May 31 08:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20826]: Invalid user ubuntu from 176.65.132.22
May 31 08:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20826]: input_userauth_request: invalid user ubuntu [preauth]
May 31 08:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20826]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20824]: Failed password for root from 109.237.96.109 port 39768 ssh2
May 31 08:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20824]: Connection closed by 109.237.96.109 port 39768 [preauth]
May 31 08:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20826]: Failed password for invalid user ubuntu from 176.65.132.22 port 55270 ssh2
May 31 08:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20826]: Connection closed by 176.65.132.22 port 55270 [preauth]
May 31 08:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Failed password for root from 206.72.205.99 port 59546 ssh2
May 31 08:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Connection closed by 206.72.205.99 port 59546 [preauth]
May 31 08:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20853]: Invalid user nexus from 176.65.132.22
May 31 08:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20853]: input_userauth_request: invalid user nexus [preauth]
May 31 08:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20853]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20853]: Failed password for invalid user nexus from 176.65.132.22 port 58880 ssh2
May 31 08:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20853]: Connection closed by 176.65.132.22 port 58880 [preauth]
May 31 08:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20868]: Invalid user testuser from 176.65.132.22
May 31 08:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20868]: input_userauth_request: invalid user testuser [preauth]
May 31 08:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20868]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20868]: Failed password for invalid user testuser from 176.65.132.22 port 58894 ssh2
May 31 08:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20868]: Connection closed by 176.65.132.22 port 58894 [preauth]
May 31 08:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20879]: Invalid user test from 37.120.213.13
May 31 08:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20879]: input_userauth_request: invalid user test [preauth]
May 31 08:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20879]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.213.13
May 31 08:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20879]: Failed password for invalid user test from 37.120.213.13 port 39228 ssh2
May 31 08:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20879]: Connection closed by 37.120.213.13 port 39228 [preauth]
May 31 08:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: Invalid user root1 from 176.65.132.22
May 31 08:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: input_userauth_request: invalid user root1 [preauth]
May 31 08:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: Failed password for root from 202.133.90.219 port 45146 ssh2
May 31 08:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: Connection closed by 202.133.90.219 port 45146 [preauth]
May 31 08:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: Failed password for invalid user root1 from 176.65.132.22 port 40030 ssh2
May 31 08:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: Connection closed by 176.65.132.22 port 40030 [preauth]
May 31 08:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20907]: Invalid user sam from 176.65.132.22
May 31 08:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20907]: input_userauth_request: invalid user sam [preauth]
May 31 08:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20907]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19230]: pam_unix(cron:session): session closed for user root
May 31 08:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20907]: Failed password for invalid user sam from 176.65.132.22 port 35494 ssh2
May 31 08:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20907]: Connection closed by 176.65.132.22 port 35494 [preauth]
May 31 08:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20945]: Invalid user sam from 176.65.132.22
May 31 08:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20945]: input_userauth_request: invalid user sam [preauth]
May 31 08:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20945]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20945]: Failed password for invalid user sam from 176.65.132.22 port 35502 ssh2
May 31 08:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20945]: Connection closed by 176.65.132.22 port 35502 [preauth]
May 31 08:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: Invalid user ethan from 176.65.132.22
May 31 08:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: input_userauth_request: invalid user ethan [preauth]
May 31 08:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: Failed password for invalid user ethan from 176.65.132.22 port 43076 ssh2
May 31 08:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: Connection closed by 176.65.132.22 port 43076 [preauth]
May 31 08:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: Failed password for root from 176.65.132.22 port 43088 ssh2
May 31 08:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: Connection closed by 176.65.132.22 port 43088 [preauth]
May 31 08:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: Failed password for root from 176.65.132.22 port 57496 ssh2
May 31 08:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: Connection closed by 176.65.132.22 port 57496 [preauth]
May 31 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21004]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21007]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21006]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21002]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21005]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21007]: pam_unix(cron:session): session closed for user root
May 31 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21002]: pam_unix(cron:session): session closed for user p13x
May 31 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: Invalid user test from 176.65.132.22
May 31 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: input_userauth_request: invalid user test [preauth]
May 31 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21072]: Successful su for rubyman by root
May 31 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21072]: + ??? root:rubyman
May 31 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428116 of user rubyman.
May 31 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21072]: pam_unix(su:session): session closed for user rubyman
May 31 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428116.
May 31 08:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17603]: pam_unix(cron:session): session closed for user root
May 31 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: Failed password for invalid user test from 176.65.132.22 port 56942 ssh2
May 31 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21004]: pam_unix(cron:session): session closed for user root
May 31 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: Connection closed by 176.65.132.22 port 56942 [preauth]
May 31 08:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21272]: Invalid user admin from 206.72.205.99
May 31 08:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21272]: input_userauth_request: invalid user admin [preauth]
May 31 08:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21272]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99
May 31 08:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21003]: pam_unix(cron:session): session closed for user samftp
May 31 08:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: Invalid user teamspeak from 176.65.132.22
May 31 08:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: input_userauth_request: invalid user teamspeak [preauth]
May 31 08:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21272]: Failed password for invalid user admin from 206.72.205.99 port 43976 ssh2
May 31 08:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21272]: Connection closed by 206.72.205.99 port 43976 [preauth]
May 31 08:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: Failed password for invalid user teamspeak from 176.65.132.22 port 56946 ssh2
May 31 08:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: Connection closed by 176.65.132.22 port 56946 [preauth]
May 31 08:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: Invalid user teamspeak from 176.65.132.22
May 31 08:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: input_userauth_request: invalid user teamspeak [preauth]
May 31 08:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: Failed password for invalid user teamspeak from 176.65.132.22 port 38436 ssh2
May 31 08:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: Connection closed by 176.65.132.22 port 38436 [preauth]
May 31 08:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21327]: Failed password for root from 176.65.132.22 port 38446 ssh2
May 31 08:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21327]: Connection closed by 176.65.132.22 port 38446 [preauth]
May 31 08:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21355]: Invalid user test2 from 176.65.132.22
May 31 08:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21355]: input_userauth_request: invalid user test2 [preauth]
May 31 08:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21355]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21355]: Failed password for invalid user test2 from 176.65.132.22 port 48148 ssh2
May 31 08:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21355]: Connection closed by 176.65.132.22 port 48148 [preauth]
May 31 08:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.197.250  user=root
May 31 08:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: Failed password for root from 147.45.197.250 port 55240 ssh2
May 31 08:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: Invalid user bio035 from 104.248.161.154
May 31 08:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: input_userauth_request: invalid user bio035 [preauth]
May 31 08:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: Connection closed by 147.45.197.250 port 55240 [preauth]
May 31 08:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.161.154
May 31 08:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Invalid user gns3 from 176.65.132.22
May 31 08:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: input_userauth_request: invalid user gns3 [preauth]
May 31 08:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19868]: pam_unix(cron:session): session closed for user root
May 31 08:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: Failed password for invalid user bio035 from 104.248.161.154 port 54252 ssh2
May 31 08:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: Connection closed by 104.248.161.154 port 54252 [preauth]
May 31 08:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Failed password for invalid user gns3 from 176.65.132.22 port 51354 ssh2
May 31 08:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Connection closed by 176.65.132.22 port 51354 [preauth]
May 31 08:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21407]: Failed password for root from 176.65.132.22 port 51366 ssh2
May 31 08:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21407]: Connection closed by 176.65.132.22 port 51366 [preauth]
May 31 08:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Invalid user niaoyun from 176.65.132.22
May 31 08:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: input_userauth_request: invalid user niaoyun [preauth]
May 31 08:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Failed password for invalid user niaoyun from 176.65.132.22 port 54790 ssh2
May 31 08:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Connection closed by 176.65.132.22 port 54790 [preauth]
May 31 08:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21443]: Failed password for root from 176.65.132.22 port 54804 ssh2
May 31 08:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21443]: Connection closed by 176.65.132.22 port 54804 [preauth]
May 31 08:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: Failed password for root from 176.65.132.22 port 47496 ssh2
May 31 08:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: Connection closed by 176.65.132.22 port 47496 [preauth]
May 31 08:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21454]: Failed password for root from 202.133.90.219 port 56822 ssh2
May 31 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21470]: Invalid user cirros from 206.72.205.99
May 31 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21470]: input_userauth_request: invalid user cirros [preauth]
May 31 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21470]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99
May 31 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21480]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21481]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21478]: pam_unix(cron:session): session closed for user p13x
May 31 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21548]: Successful su for rubyman by root
May 31 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21548]: + ??? root:rubyman
May 31 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428120 of user rubyman.
May 31 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21548]: pam_unix(su:session): session closed for user rubyman
May 31 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428120.
May 31 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21454]: Connection closed by 202.133.90.219 port 56822 [preauth]
May 31 08:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21470]: Failed password for invalid user cirros from 206.72.205.99 port 37780 ssh2
May 31 08:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21470]: Connection closed by 206.72.205.99 port 37780 [preauth]
May 31 08:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: Failed password for root from 176.65.132.22 port 48452 ssh2
May 31 08:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18127]: pam_unix(cron:session): session closed for user root
May 31 08:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: Connection closed by 176.65.132.22 port 48452 [preauth]
May 31 08:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21479]: pam_unix(cron:session): session closed for user samftp
May 31 08:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21741]: Invalid user fastuser from 176.65.132.22
May 31 08:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21741]: input_userauth_request: invalid user fastuser [preauth]
May 31 08:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21741]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21741]: Failed password for invalid user fastuser from 176.65.132.22 port 48474 ssh2
May 31 08:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21741]: Connection closed by 176.65.132.22 port 48474 [preauth]
May 31 08:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21757]: Invalid user minecraft from 176.65.132.22
May 31 08:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21757]: input_userauth_request: invalid user minecraft [preauth]
May 31 08:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21757]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21757]: Failed password for invalid user minecraft from 176.65.132.22 port 38034 ssh2
May 31 08:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21757]: Connection closed by 176.65.132.22 port 38034 [preauth]
May 31 08:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21785]: Invalid user user from 176.65.132.22
May 31 08:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21785]: input_userauth_request: invalid user user [preauth]
May 31 08:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21785]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21785]: Failed password for invalid user user from 176.65.132.22 port 38042 ssh2
May 31 08:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21785]: Connection closed by 176.65.132.22 port 38042 [preauth]
May 31 08:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21809]: Invalid user steam from 176.65.132.22
May 31 08:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21809]: input_userauth_request: invalid user steam [preauth]
May 31 08:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21809]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21809]: Failed password for invalid user steam from 176.65.132.22 port 59340 ssh2
May 31 08:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21809]: Connection closed by 176.65.132.22 port 59340 [preauth]
May 31 08:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21819]: Invalid user admin from 176.65.132.22
May 31 08:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21819]: input_userauth_request: invalid user admin [preauth]
May 31 08:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21819]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20394]: pam_unix(cron:session): session closed for user root
May 31 08:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21819]: Failed password for invalid user admin from 176.65.132.22 port 47760 ssh2
May 31 08:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21819]: Connection closed by 176.65.132.22 port 47760 [preauth]
May 31 08:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: Invalid user admin from 176.65.132.22
May 31 08:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: input_userauth_request: invalid user admin [preauth]
May 31 08:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: Failed password for invalid user admin from 176.65.132.22 port 47766 ssh2
May 31 08:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: Connection closed by 176.65.132.22 port 47766 [preauth]
May 31 08:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: Invalid user dev from 176.65.132.22
May 31 08:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: input_userauth_request: invalid user dev [preauth]
May 31 08:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: Failed password for invalid user dev from 176.65.132.22 port 33716 ssh2
May 31 08:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: Connection closed by 176.65.132.22 port 33716 [preauth]
May 31 08:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21887]: Invalid user deploy from 176.65.132.22
May 31 08:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21887]: input_userauth_request: invalid user deploy [preauth]
May 31 08:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21887]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21887]: Failed password for invalid user deploy from 176.65.132.22 port 33728 ssh2
May 31 08:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21887]: Connection closed by 176.65.132.22 port 33728 [preauth]
May 31 08:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21897]: Invalid user user from 176.65.132.22
May 31 08:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21897]: input_userauth_request: invalid user user [preauth]
May 31 08:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21897]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21897]: Failed password for invalid user user from 176.65.132.22 port 43502 ssh2
May 31 08:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21897]: Connection closed by 176.65.132.22 port 43502 [preauth]
May 31 08:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21907]: Failed password for root from 206.72.205.99 port 51736 ssh2
May 31 08:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21907]: Connection closed by 206.72.205.99 port 51736 [preauth]
May 31 08:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21920]: Invalid user odoo17 from 176.65.132.22
May 31 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21920]: input_userauth_request: invalid user odoo17 [preauth]
May 31 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21928]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21927]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21925]: pam_unix(cron:session): session closed for user p13x
May 31 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21920]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21986]: Successful su for rubyman by root
May 31 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21986]: + ??? root:rubyman
May 31 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428124 of user rubyman.
May 31 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21986]: pam_unix(su:session): session closed for user rubyman
May 31 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428124.
May 31 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.194.186  user=root
May 31 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21920]: Failed password for invalid user odoo17 from 176.65.132.22 port 43516 ssh2
May 31 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21920]: Connection closed by 176.65.132.22 port 43516 [preauth]
May 31 08:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18676]: pam_unix(cron:session): session closed for user root
May 31 08:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21926]: pam_unix(cron:session): session closed for user samftp
May 31 08:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21912]: Failed password for root from 45.78.194.186 port 40698 ssh2
May 31 08:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21912]: Received disconnect from 45.78.194.186 port 40698:11: Bye Bye [preauth]
May 31 08:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21912]: Disconnected from 45.78.194.186 port 40698 [preauth]
May 31 08:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22167]: Invalid user username from 176.65.132.22
May 31 08:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22167]: input_userauth_request: invalid user username [preauth]
May 31 08:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22167]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22167]: Failed password for invalid user username from 176.65.132.22 port 46088 ssh2
May 31 08:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22167]: Connection closed by 176.65.132.22 port 46088 [preauth]
May 31 08:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: Invalid user agent from 176.65.132.22
May 31 08:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: input_userauth_request: invalid user agent [preauth]
May 31 08:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: Failed password for invalid user agent from 176.65.132.22 port 51292 ssh2
May 31 08:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: Connection closed by 176.65.132.22 port 51292 [preauth]
May 31 08:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: Invalid user ivan from 176.65.132.22
May 31 08:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: input_userauth_request: invalid user ivan [preauth]
May 31 08:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: Failed password for invalid user ivan from 176.65.132.22 port 51304 ssh2
May 31 08:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: Connection closed by 176.65.132.22 port 51304 [preauth]
May 31 08:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22229]: Invalid user myuser from 176.65.132.22
May 31 08:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22229]: input_userauth_request: invalid user myuser [preauth]
May 31 08:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22229]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22229]: Failed password for invalid user myuser from 176.65.132.22 port 37824 ssh2
May 31 08:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22229]: Connection closed by 176.65.132.22 port 37824 [preauth]
May 31 08:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22239]: Invalid user admin from 176.65.132.22
May 31 08:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22239]: input_userauth_request: invalid user admin [preauth]
May 31 08:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22239]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: Failed password for root from 202.133.90.219 port 51372 ssh2
May 31 08:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: Connection closed by 202.133.90.219 port 51372 [preauth]
May 31 08:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22239]: Failed password for invalid user admin from 176.65.132.22 port 45960 ssh2
May 31 08:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22239]: Connection closed by 176.65.132.22 port 45960 [preauth]
May 31 08:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21006]: pam_unix(cron:session): session closed for user root
May 31 08:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: Invalid user david from 176.65.132.22
May 31 08:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: input_userauth_request: invalid user david [preauth]
May 31 08:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: Failed password for invalid user david from 176.65.132.22 port 45964 ssh2
May 31 08:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: Connection closed by 176.65.132.22 port 45964 [preauth]
May 31 08:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: Invalid user username from 176.65.132.22
May 31 08:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: input_userauth_request: invalid user username [preauth]
May 31 08:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: Failed password for invalid user username from 176.65.132.22 port 42700 ssh2
May 31 08:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: Connection closed by 176.65.132.22 port 42700 [preauth]
May 31 08:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22316]: Invalid user ubuntu from 176.65.132.22
May 31 08:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22316]: input_userauth_request: invalid user ubuntu [preauth]
May 31 08:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22316]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22316]: Failed password for invalid user ubuntu from 176.65.132.22 port 42702 ssh2
May 31 08:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22316]: Connection closed by 176.65.132.22 port 42702 [preauth]
May 31 08:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22323]: Failed password for root from 206.72.205.99 port 41842 ssh2
May 31 08:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22323]: Connection closed by 206.72.205.99 port 41842 [preauth]
May 31 08:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: Failed password for root from 176.65.132.22 port 55358 ssh2
May 31 08:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: Connection closed by 176.65.132.22 port 55358 [preauth]
May 31 08:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22348]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22347]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22346]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22345]: pam_unix(cron:session): session closed for user p13x
May 31 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22403]: Successful su for rubyman by root
May 31 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22403]: + ??? root:rubyman
May 31 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428128 of user rubyman.
May 31 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22403]: pam_unix(su:session): session closed for user rubyman
May 31 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428128.
May 31 08:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19229]: pam_unix(cron:session): session closed for user root
May 31 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: Failed password for root from 176.65.132.22 port 54242 ssh2
May 31 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: Connection closed by 176.65.132.22 port 54242 [preauth]
May 31 08:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22346]: pam_unix(cron:session): session closed for user samftp
May 31 08:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Invalid user test from 176.65.132.22
May 31 08:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: input_userauth_request: invalid user test [preauth]
May 31 08:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Failed password for invalid user test from 176.65.132.22 port 54256 ssh2
May 31 08:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Connection closed by 176.65.132.22 port 54256 [preauth]
May 31 08:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: Invalid user username from 176.65.132.22
May 31 08:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: input_userauth_request: invalid user username [preauth]
May 31 08:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: Failed password for invalid user username from 176.65.132.22 port 54826 ssh2
May 31 08:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: Connection closed by 176.65.132.22 port 54826 [preauth]
May 31 08:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Failed password for root from 176.65.132.22 port 54850 ssh2
May 31 08:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Connection closed by 176.65.132.22 port 54850 [preauth]
May 31 08:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: Invalid user alex from 176.65.132.22
May 31 08:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: input_userauth_request: invalid user alex [preauth]
May 31 08:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: Failed password for invalid user alex from 176.65.132.22 port 40334 ssh2
May 31 08:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: Connection closed by 176.65.132.22 port 40334 [preauth]
May 31 08:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22656]: Invalid user pi from 176.65.132.22
May 31 08:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22656]: input_userauth_request: invalid user pi [preauth]
May 31 08:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22656]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21481]: pam_unix(cron:session): session closed for user root
May 31 08:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22656]: Failed password for invalid user pi from 176.65.132.22 port 50528 ssh2
May 31 08:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22656]: Connection closed by 176.65.132.22 port 50528 [preauth]
May 31 08:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22687]: Invalid user pi from 176.65.132.22
May 31 08:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22687]: input_userauth_request: invalid user pi [preauth]
May 31 08:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22687]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22687]: Failed password for invalid user pi from 176.65.132.22 port 50540 ssh2
May 31 08:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22687]: Connection closed by 176.65.132.22 port 50540 [preauth]
May 31 08:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.194.186  user=root
May 31 08:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: Failed password for root from 45.78.194.186 port 36186 ssh2
May 31 08:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: Received disconnect from 45.78.194.186 port 36186:11: Bye Bye [preauth]
May 31 08:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: Disconnected from 45.78.194.186 port 36186 [preauth]
May 31 08:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: Failed password for root from 176.65.132.22 port 53990 ssh2
May 31 08:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: Connection closed by 176.65.132.22 port 53990 [preauth]
May 31 08:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: Invalid user admin from 206.72.205.99
May 31 08:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: input_userauth_request: invalid user admin [preauth]
May 31 08:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99
May 31 08:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: Invalid user demo from 176.65.132.22
May 31 08:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: input_userauth_request: invalid user demo [preauth]
May 31 08:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: Failed password for invalid user admin from 206.72.205.99 port 44230 ssh2
May 31 08:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: Connection closed by 206.72.205.99 port 44230 [preauth]
May 31 08:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: Failed password for invalid user demo from 176.65.132.22 port 53996 ssh2
May 31 08:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: Connection closed by 176.65.132.22 port 53996 [preauth]
May 31 08:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: Invalid user deploy from 176.65.132.22
May 31 08:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: input_userauth_request: invalid user deploy [preauth]
May 31 08:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: Failed password for invalid user deploy from 176.65.132.22 port 33024 ssh2
May 31 08:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: Connection closed by 176.65.132.22 port 33024 [preauth]
May 31 08:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: Failed password for root from 202.133.90.219 port 51844 ssh2
May 31 08:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: Connection closed by 202.133.90.219 port 51844 [preauth]
May 31 08:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22745]: Invalid user data from 176.65.132.22
May 31 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22745]: input_userauth_request: invalid user data [preauth]
May 31 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22745]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22758]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22759]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22756]: pam_unix(cron:session): session closed for user p13x
May 31 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22821]: Successful su for rubyman by root
May 31 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22821]: + ??? root:rubyman
May 31 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428132 of user rubyman.
May 31 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22821]: pam_unix(su:session): session closed for user rubyman
May 31 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428132.
May 31 08:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19867]: pam_unix(cron:session): session closed for user root
May 31 08:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22745]: Failed password for invalid user data from 176.65.132.22 port 52820 ssh2
May 31 08:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22745]: Connection closed by 176.65.132.22 port 52820 [preauth]
May 31 08:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22757]: pam_unix(cron:session): session closed for user samftp
May 31 08:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: Failed password for root from 176.65.132.22 port 52838 ssh2
May 31 08:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: Connection closed by 176.65.132.22 port 52838 [preauth]
May 31 08:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Failed password for root from 176.65.132.22 port 57744 ssh2
May 31 08:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Connection closed by 176.65.132.22 port 57744 [preauth]
May 31 08:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23032]: Invalid user teste from 176.65.132.22
May 31 08:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23032]: input_userauth_request: invalid user teste [preauth]
May 31 08:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23032]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23032]: Failed password for invalid user teste from 176.65.132.22 port 57754 ssh2
May 31 08:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23032]: Connection closed by 176.65.132.22 port 57754 [preauth]
May 31 08:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.228.128.84  user=root
May 31 08:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: Failed password for root from 193.228.128.84 port 38522 ssh2
May 31 08:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: Connection closed by 193.228.128.84 port 38522 [preauth]
May 31 08:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23056]: Invalid user user from 176.65.132.22
May 31 08:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23056]: input_userauth_request: invalid user user [preauth]
May 31 08:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23056]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23056]: Failed password for invalid user user from 176.65.132.22 port 36406 ssh2
May 31 08:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23056]: Connection closed by 176.65.132.22 port 36406 [preauth]
May 31 08:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21928]: pam_unix(cron:session): session closed for user root
May 31 08:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: Failed password for root from 176.65.132.22 port 35068 ssh2
May 31 08:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: Connection closed by 176.65.132.22 port 35068 [preauth]
May 31 08:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: Invalid user user4 from 176.65.132.22
May 31 08:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: input_userauth_request: invalid user user4 [preauth]
May 31 08:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: Failed password for invalid user user4 from 176.65.132.22 port 35084 ssh2
May 31 08:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: Connection closed by 176.65.132.22 port 35084 [preauth]
May 31 08:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: Failed password for root from 206.72.205.99 port 54176 ssh2
May 31 08:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: Connection closed by 206.72.205.99 port 54176 [preauth]
May 31 08:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23140]: Invalid user chris from 176.65.132.22
May 31 08:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23140]: input_userauth_request: invalid user chris [preauth]
May 31 08:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23140]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23140]: Failed password for invalid user chris from 176.65.132.22 port 42952 ssh2
May 31 08:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23140]: Connection closed by 176.65.132.22 port 42952 [preauth]
May 31 08:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23106]: Did not receive identification string from 34.86.81.254
May 31 08:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: Did not receive identification string from 34.86.81.254
May 31 08:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23110]: Did not receive identification string from 34.86.81.254
May 31 08:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23111]: Did not receive identification string from 34.86.81.254
May 31 08:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: Did not receive identification string from 34.86.81.254
May 31 08:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23113]: Did not receive identification string from 34.86.81.254
May 31 08:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Did not receive identification string from 34.86.81.254
May 31 08:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23115]: Did not receive identification string from 34.86.81.254
May 31 08:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: Did not receive identification string from 34.86.81.254
May 31 08:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23154]: Invalid user chris from 176.65.132.22
May 31 08:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23154]: input_userauth_request: invalid user chris [preauth]
May 31 08:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23154]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23154]: Failed password for invalid user chris from 176.65.132.22 port 42960 ssh2
May 31 08:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23154]: Connection closed by 176.65.132.22 port 42960 [preauth]
May 31 08:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23164]: Invalid user aiuser from 176.65.132.22
May 31 08:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23164]: input_userauth_request: invalid user aiuser [preauth]
May 31 08:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23164]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23164]: Failed password for invalid user aiuser from 176.65.132.22 port 43328 ssh2
May 31 08:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23164]: Connection closed by 176.65.132.22 port 43328 [preauth]
May 31 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23182]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23181]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23180]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23179]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23182]: pam_unix(cron:session): session closed for user root
May 31 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23177]: pam_unix(cron:session): session closed for user p13x
May 31 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23174]: Invalid user testuser from 176.65.132.22
May 31 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23174]: input_userauth_request: invalid user testuser [preauth]
May 31 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23253]: Successful su for rubyman by root
May 31 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23253]: + ??? root:rubyman
May 31 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428138 of user rubyman.
May 31 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23253]: pam_unix(su:session): session closed for user rubyman
May 31 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428138.
May 31 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23174]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: Invalid user admin from 34.86.81.254
May 31 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: Invalid user admin from 34.86.81.254
May 31 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: input_userauth_request: invalid user admin [preauth]
May 31 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: input_userauth_request: invalid user admin [preauth]
May 31 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23112]: Invalid user admin from 34.86.81.254
May 31 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23112]: input_userauth_request: invalid user admin [preauth]
May 31 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23179]: pam_unix(cron:session): session closed for user root
May 31 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20393]: pam_unix(cron:session): session closed for user root
May 31 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23174]: Failed password for invalid user testuser from 176.65.132.22 port 37362 ssh2
May 31 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23174]: Connection closed by 176.65.132.22 port 37362 [preauth]
May 31 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23105]: Invalid user admin from 34.86.81.254
May 31 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23105]: input_userauth_request: invalid user admin [preauth]
May 31 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.86.81.254
May 31 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.86.81.254
May 31 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23112]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.86.81.254
May 31 08:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23178]: pam_unix(cron:session): session closed for user samftp
May 31 08:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: Failed password for invalid user admin from 34.86.81.254 port 56860 ssh2
May 31 08:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: Failed password for invalid user admin from 34.86.81.254 port 56870 ssh2
May 31 08:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23112]: Failed password for invalid user admin from 34.86.81.254 port 56848 ssh2
May 31 08:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23105]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.86.81.254
May 31 08:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23105]: Failed password for invalid user admin from 34.86.81.254 port 56878 ssh2
May 31 08:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23471]: Failed password for root from 176.65.132.22 port 37364 ssh2
May 31 08:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23471]: Connection closed by 176.65.132.22 port 37364 [preauth]
May 31 08:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: Invalid user rocky from 176.65.132.22
May 31 08:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: input_userauth_request: invalid user rocky [preauth]
May 31 08:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.194.186  user=root
May 31 08:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23482]: Failed password for root from 45.78.194.186 port 40864 ssh2
May 31 08:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23482]: Received disconnect from 45.78.194.186 port 40864:11: Bye Bye [preauth]
May 31 08:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23482]: Disconnected from 45.78.194.186 port 40864 [preauth]
May 31 08:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: Failed password for invalid user rocky from 176.65.132.22 port 53924 ssh2
May 31 08:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: Connection closed by 176.65.132.22 port 53924 [preauth]
May 31 08:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: Failed password for root from 176.65.132.22 port 53952 ssh2
May 31 08:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: Connection closed by 176.65.132.22 port 53952 [preauth]
May 31 08:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23545]: Invalid user bob from 176.65.132.22
May 31 08:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23545]: input_userauth_request: invalid user bob [preauth]
May 31 08:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23545]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23511]: Failed password for root from 202.133.90.219 port 53670 ssh2
May 31 08:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23511]: Connection closed by 202.133.90.219 port 53670 [preauth]
May 31 08:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23545]: Failed password for invalid user bob from 176.65.132.22 port 43904 ssh2
May 31 08:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23545]: Connection closed by 176.65.132.22 port 43904 [preauth]
May 31 08:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23556]: Invalid user bob from 176.65.132.22
May 31 08:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23556]: input_userauth_request: invalid user bob [preauth]
May 31 08:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23556]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22348]: pam_unix(cron:session): session closed for user root
May 31 08:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23556]: Failed password for invalid user bob from 176.65.132.22 port 53398 ssh2
May 31 08:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23556]: Connection closed by 176.65.132.22 port 53398 [preauth]
May 31 08:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: Invalid user rpc from 206.72.205.99
May 31 08:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: input_userauth_request: invalid user rpc [preauth]
May 31 08:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99
May 31 08:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: Failed password for invalid user rpc from 206.72.205.99 port 36898 ssh2
May 31 08:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: Connection closed by 206.72.205.99 port 36898 [preauth]
May 31 08:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: Invalid user odoo14 from 176.65.132.22
May 31 08:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: input_userauth_request: invalid user odoo14 [preauth]
May 31 08:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: Failed password for invalid user odoo14 from 176.65.132.22 port 53418 ssh2
May 31 08:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: Connection closed by 176.65.132.22 port 53418 [preauth]
May 31 08:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23609]: Invalid user chenxi from 176.65.132.22
May 31 08:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23609]: input_userauth_request: invalid user chenxi [preauth]
May 31 08:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23609]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23609]: Failed password for invalid user chenxi from 176.65.132.22 port 39758 ssh2
May 31 08:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23609]: Connection closed by 176.65.132.22 port 39758 [preauth]
May 31 08:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: Invalid user core from 176.65.132.22
May 31 08:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: input_userauth_request: invalid user core [preauth]
May 31 08:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: Failed password for invalid user core from 176.65.132.22 port 39760 ssh2
May 31 08:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: Connection closed by 176.65.132.22 port 39760 [preauth]
May 31 08:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.63.178  user=root
May 31 08:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23631]: Invalid user ai from 176.65.132.22
May 31 08:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23631]: input_userauth_request: invalid user ai [preauth]
May 31 08:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23631]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23629]: Failed password for root from 62.133.63.178 port 35820 ssh2
May 31 08:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23629]: Connection closed by 62.133.63.178 port 35820 [preauth]
May 31 08:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23631]: Failed password for invalid user ai from 176.65.132.22 port 45990 ssh2
May 31 08:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23631]: Connection closed by 176.65.132.22 port 45990 [preauth]
May 31 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23647]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23646]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23644]: pam_unix(cron:session): session closed for user p13x
May 31 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23721]: Successful su for rubyman by root
May 31 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23721]: + ??? root:rubyman
May 31 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428143 of user rubyman.
May 31 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23721]: pam_unix(su:session): session closed for user rubyman
May 31 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428143.
May 31 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23764]: Invalid user user2 from 176.65.132.22
May 31 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23764]: input_userauth_request: invalid user user2 [preauth]
May 31 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23764]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21005]: pam_unix(cron:session): session closed for user root
May 31 08:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23764]: Failed password for invalid user user2 from 176.65.132.22 port 42646 ssh2
May 31 08:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23764]: Connection closed by 176.65.132.22 port 42646 [preauth]
May 31 08:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23645]: pam_unix(cron:session): session closed for user samftp
May 31 08:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24020]: Invalid user appuser from 176.65.132.22
May 31 08:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24020]: input_userauth_request: invalid user appuser [preauth]
May 31 08:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24020]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24020]: Failed password for invalid user appuser from 176.65.132.22 port 42662 ssh2
May 31 08:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24020]: Connection closed by 176.65.132.22 port 42662 [preauth]
May 31 08:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: Failed password for root from 176.65.132.22 port 38274 ssh2
May 31 08:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: Connection closed by 176.65.132.22 port 38274 [preauth]
May 31 08:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: Invalid user user2 from 176.65.132.22
May 31 08:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: input_userauth_request: invalid user user2 [preauth]
May 31 08:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: Failed password for invalid user user2 from 176.65.132.22 port 38288 ssh2
May 31 08:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: Connection closed by 176.65.132.22 port 38288 [preauth]
May 31 08:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23112]: Connection closed by 34.86.81.254 port 56848 [preauth]
May 31 08:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: Connection closed by 34.86.81.254 port 56860 [preauth]
May 31 08:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: Connection closed by 34.86.81.254 port 56870 [preauth]
May 31 08:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23105]: Connection closed by 34.86.81.254 port 56878 [preauth]
May 31 08:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
May 31 08:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24079]: Invalid user newuser from 176.65.132.22
May 31 08:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24079]: input_userauth_request: invalid user newuser [preauth]
May 31 08:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24079]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: Failed password for root from 103.122.221.179 port 59990 ssh2
May 31 08:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: Connection closed by 103.122.221.179 port 59990 [preauth]
May 31 08:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: Invalid user ephraim from 213.209.159.56
May 31 08:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: input_userauth_request: invalid user ephraim [preauth]
May 31 08:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 08:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24079]: Failed password for invalid user newuser from 176.65.132.22 port 38346 ssh2
May 31 08:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24079]: Connection closed by 176.65.132.22 port 38346 [preauth]
May 31 08:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: Failed password for invalid user ephraim from 213.209.159.56 port 36858 ssh2
May 31 08:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: Failed password for invalid user ephraim from 213.209.159.56 port 36858 ssh2
May 31 08:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: Invalid user sam from 176.65.132.22
May 31 08:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: input_userauth_request: invalid user sam [preauth]
May 31 08:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22759]: pam_unix(cron:session): session closed for user root
May 31 08:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: Failed password for invalid user ephraim from 213.209.159.56 port 36858 ssh2
May 31 08:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: Failed password for root from 206.72.205.99 port 50814 ssh2
May 31 08:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: Connection closed by 206.72.205.99 port 50814 [preauth]
May 31 08:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: Failed password for invalid user sam from 176.65.132.22 port 58008 ssh2
May 31 08:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: Connection closed by 176.65.132.22 port 58008 [preauth]
May 31 08:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: Failed password for invalid user ephraim from 213.209.159.56 port 36858 ssh2
May 31 08:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: Invalid user dev from 176.65.132.22
May 31 08:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: input_userauth_request: invalid user dev [preauth]
May 31 08:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: Failed password for invalid user ephraim from 213.209.159.56 port 36858 ssh2
May 31 08:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: Received disconnect from 213.209.159.56 port 36858:11: Bye [preauth]
May 31 08:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: Disconnected from 213.209.159.56 port 36858 [preauth]
May 31 08:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 08:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 08:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: Failed password for invalid user dev from 176.65.132.22 port 58024 ssh2
May 31 08:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: Connection closed by 176.65.132.22 port 58024 [preauth]
May 31 08:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24143]: Invalid user frappe from 176.65.132.22
May 31 08:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24143]: input_userauth_request: invalid user frappe [preauth]
May 31 08:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24143]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24143]: Failed password for invalid user frappe from 176.65.132.22 port 60050 ssh2
May 31 08:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24143]: Connection closed by 176.65.132.22 port 60050 [preauth]
May 31 08:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24162]: Invalid user odoo from 176.65.132.22
May 31 08:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24162]: input_userauth_request: invalid user odoo [preauth]
May 31 08:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24162]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24162]: Failed password for invalid user odoo from 176.65.132.22 port 60064 ssh2
May 31 08:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24162]: Connection closed by 176.65.132.22 port 60064 [preauth]
May 31 08:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: Failed password for root from 202.133.90.219 port 34686 ssh2
May 31 08:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: Connection closed by 202.133.90.219 port 34686 [preauth]
May 31 08:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: Invalid user internet from 45.78.194.186
May 31 08:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: input_userauth_request: invalid user internet [preauth]
May 31 08:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.194.186
May 31 08:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24187]: Invalid user deployer from 176.65.132.22
May 31 08:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24187]: input_userauth_request: invalid user deployer [preauth]
May 31 08:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24187]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: Failed password for invalid user internet from 45.78.194.186 port 57686 ssh2
May 31 08:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: Received disconnect from 45.78.194.186 port 57686:11: Bye Bye [preauth]
May 31 08:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: Disconnected from 45.78.194.186 port 57686 [preauth]
May 31 08:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24187]: Failed password for invalid user deployer from 176.65.132.22 port 57670 ssh2
May 31 08:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24187]: Connection closed by 176.65.132.22 port 57670 [preauth]
May 31 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24203]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24204]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24199]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24199]: pam_unix(cron:session): session closed for user root
May 31 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24201]: pam_unix(cron:session): session closed for user p13x
May 31 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: Invalid user user from 176.65.132.22
May 31 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: input_userauth_request: invalid user user [preauth]
May 31 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24285]: Successful su for rubyman by root
May 31 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24285]: + ??? root:rubyman
May 31 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24285]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428147 of user rubyman.
May 31 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24285]: pam_unix(su:session): session closed for user rubyman
May 31 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428147.
May 31 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21480]: pam_unix(cron:session): session closed for user root
May 31 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: Failed password for invalid user user from 176.65.132.22 port 32884 ssh2
May 31 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: Connection closed by 176.65.132.22 port 32884 [preauth]
May 31 08:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24202]: pam_unix(cron:session): session closed for user samftp
May 31 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24478]: Invalid user user1 from 176.65.132.22
May 31 08:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24478]: input_userauth_request: invalid user user1 [preauth]
May 31 08:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24478]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24478]: Failed password for invalid user user1 from 176.65.132.22 port 32900 ssh2
May 31 08:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24478]: Connection closed by 176.65.132.22 port 32900 [preauth]
May 31 08:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24496]: Invalid user developer from 176.65.132.22
May 31 08:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24496]: input_userauth_request: invalid user developer [preauth]
May 31 08:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24496]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24496]: Failed password for invalid user developer from 176.65.132.22 port 48396 ssh2
May 31 08:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24496]: Connection closed by 176.65.132.22 port 48396 [preauth]
May 31 08:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: Invalid user server from 176.65.132.22
May 31 08:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: input_userauth_request: invalid user server [preauth]
May 31 08:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: Failed password for invalid user server from 176.65.132.22 port 48426 ssh2
May 31 08:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: Connection closed by 176.65.132.22 port 48426 [preauth]
May 31 08:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24533]: Invalid user server from 176.65.132.22
May 31 08:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24533]: input_userauth_request: invalid user server [preauth]
May 31 08:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24533]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24533]: Failed password for invalid user server from 176.65.132.22 port 54156 ssh2
May 31 08:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24533]: Connection closed by 176.65.132.22 port 54156 [preauth]
May 31 08:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24544]: Invalid user devops from 176.65.132.22
May 31 08:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24544]: input_userauth_request: invalid user devops [preauth]
May 31 08:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24544]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23181]: pam_unix(cron:session): session closed for user root
May 31 08:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24544]: Failed password for invalid user devops from 176.65.132.22 port 60400 ssh2
May 31 08:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24544]: Connection closed by 176.65.132.22 port 60400 [preauth]
May 31 08:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: Failed password for root from 206.72.205.99 port 39976 ssh2
May 31 08:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: Connection closed by 206.72.205.99 port 39976 [preauth]
May 31 08:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: Invalid user kingbase from 176.65.132.22
May 31 08:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: input_userauth_request: invalid user kingbase [preauth]
May 31 08:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: Failed password for invalid user kingbase from 176.65.132.22 port 60414 ssh2
May 31 08:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: Connection closed by 176.65.132.22 port 60414 [preauth]
May 31 08:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: Invalid user admin from 176.65.132.22
May 31 08:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: input_userauth_request: invalid user admin [preauth]
May 31 08:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: Failed password for invalid user admin from 176.65.132.22 port 54118 ssh2
May 31 08:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: Connection closed by 176.65.132.22 port 54118 [preauth]
May 31 08:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24627]: Invalid user pi from 176.65.132.22
May 31 08:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24627]: input_userauth_request: invalid user pi [preauth]
May 31 08:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24627]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24627]: Failed password for invalid user pi from 176.65.132.22 port 54130 ssh2
May 31 08:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24627]: Connection closed by 176.65.132.22 port 54130 [preauth]
May 31 08:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24642]: Invalid user pi from 176.65.132.22
May 31 08:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24642]: input_userauth_request: invalid user pi [preauth]
May 31 08:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24642]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24642]: Failed password for invalid user pi from 176.65.132.22 port 40654 ssh2
May 31 08:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24642]: Connection closed by 176.65.132.22 port 40654 [preauth]
May 31 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24664]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24665]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24662]: pam_unix(cron:session): session closed for user p13x
May 31 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24732]: Successful su for rubyman by root
May 31 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24732]: + ??? root:rubyman
May 31 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428152 of user rubyman.
May 31 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24732]: pam_unix(su:session): session closed for user rubyman
May 31 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428152.
May 31 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: Invalid user odoo from 176.65.132.22
May 31 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: input_userauth_request: invalid user odoo [preauth]
May 31 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21927]: pam_unix(cron:session): session closed for user root
May 31 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: Failed password for invalid user odoo from 176.65.132.22 port 51920 ssh2
May 31 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: Connection closed by 176.65.132.22 port 51920 [preauth]
May 31 08:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24663]: pam_unix(cron:session): session closed for user samftp
May 31 08:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24910]: Invalid user odoo from 176.65.132.22
May 31 08:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24910]: input_userauth_request: invalid user odoo [preauth]
May 31 08:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24910]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24910]: Failed password for invalid user odoo from 176.65.132.22 port 51946 ssh2
May 31 08:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24910]: Connection closed by 176.65.132.22 port 51946 [preauth]
May 31 08:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24927]: Invalid user dmdba from 176.65.132.22
May 31 08:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24927]: input_userauth_request: invalid user dmdba [preauth]
May 31 08:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24927]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24927]: Failed password for invalid user dmdba from 176.65.132.22 port 43866 ssh2
May 31 08:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24927]: Connection closed by 176.65.132.22 port 43866 [preauth]
May 31 08:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: Failed password for root from 176.65.132.22 port 43888 ssh2
May 31 08:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: Connection closed by 176.65.132.22 port 43888 [preauth]
May 31 08:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24954]: Invalid user steam from 80.94.95.115
May 31 08:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24954]: input_userauth_request: invalid user steam [preauth]
May 31 08:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24942]: Failed password for root from 202.133.90.219 port 50462 ssh2
May 31 08:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24942]: Connection closed by 202.133.90.219 port 50462 [preauth]
May 31 08:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24954]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May 31 08:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: Invalid user nvidia from 176.65.132.22
May 31 08:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: input_userauth_request: invalid user nvidia [preauth]
May 31 08:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24954]: Failed password for invalid user steam from 80.94.95.115 port 59148 ssh2
May 31 08:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24954]: Connection closed by 80.94.95.115 port 59148 [preauth]
May 31 08:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: Failed password for invalid user nvidia from 176.65.132.22 port 44304 ssh2
May 31 08:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: Connection closed by 176.65.132.22 port 44304 [preauth]
May 31 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.194.186  user=root
May 31 08:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
May 31 08:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.170.125  user=root
May 31 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: Invalid user nvidia from 176.65.132.22
May 31 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: input_userauth_request: invalid user nvidia [preauth]
May 31 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: Failed password for root from 45.78.194.186 port 33802 ssh2
May 31 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: Received disconnect from 45.78.194.186 port 33802:11: Bye Bye [preauth]
May 31 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: Disconnected from 45.78.194.186 port 33802 [preauth]
May 31 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23647]: pam_unix(cron:session): session closed for user root
May 31 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: Failed password for root from 206.72.205.99 port 47476 ssh2
May 31 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: Connection closed by 206.72.205.99 port 47476 [preauth]
May 31 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: Failed password for root from 103.176.20.57 port 33640 ssh2
May 31 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: Failed password for root from 103.149.170.125 port 34308 ssh2
May 31 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: Failed password for invalid user nvidia from 176.65.132.22 port 38668 ssh2
May 31 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: Connection closed by 103.176.20.57 port 33640 [preauth]
May 31 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: Connection closed by 103.149.170.125 port 34308 [preauth]
May 31 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: Connection closed by 176.65.132.22 port 38668 [preauth]
May 31 08:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: Invalid user jellyfin from 176.65.132.22
May 31 08:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: input_userauth_request: invalid user jellyfin [preauth]
May 31 08:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: Failed password for invalid user jellyfin from 176.65.132.22 port 38682 ssh2
May 31 08:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: Connection closed by 176.65.132.22 port 38682 [preauth]
May 31 08:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: Invalid user openclaw from 176.65.132.22
May 31 08:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: input_userauth_request: invalid user openclaw [preauth]
May 31 08:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: Failed password for invalid user openclaw from 176.65.132.22 port 41624 ssh2
May 31 08:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: Connection closed by 176.65.132.22 port 41624 [preauth]
May 31 08:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25072]: Invalid user sysupdate from 176.65.132.22
May 31 08:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25072]: input_userauth_request: invalid user sysupdate [preauth]
May 31 08:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25072]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25072]: Failed password for invalid user sysupdate from 176.65.132.22 port 41636 ssh2
May 31 08:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25072]: Connection closed by 176.65.132.22 port 41636 [preauth]
May 31 08:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25084]: Invalid user support from 176.65.132.22
May 31 08:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25084]: input_userauth_request: invalid user support [preauth]
May 31 08:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25084]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25084]: Failed password for invalid user support from 176.65.132.22 port 48490 ssh2
May 31 08:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25084]: Connection closed by 176.65.132.22 port 48490 [preauth]
May 31 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25098]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25097]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25095]: pam_unix(cron:session): session closed for user p13x
May 31 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25162]: Successful su for rubyman by root
May 31 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25162]: + ??? root:rubyman
May 31 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428157 of user rubyman.
May 31 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25162]: pam_unix(su:session): session closed for user rubyman
May 31 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428157.
May 31 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25194]: Invalid user admin from 176.65.132.22
May 31 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25194]: input_userauth_request: invalid user admin [preauth]
May 31 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25194]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22347]: pam_unix(cron:session): session closed for user root
May 31 08:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25096]: pam_unix(cron:session): session closed for user samftp
May 31 08:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25194]: Failed password for invalid user admin from 176.65.132.22 port 36330 ssh2
May 31 08:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25194]: Connection closed by 176.65.132.22 port 36330 [preauth]
May 31 08:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: Invalid user debian from 176.65.132.22
May 31 08:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: input_userauth_request: invalid user debian [preauth]
May 31 08:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: Failed password for invalid user debian from 176.65.132.22 port 36342 ssh2
May 31 08:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: Connection closed by 176.65.132.22 port 36342 [preauth]
May 31 08:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: Failed password for root from 176.65.132.22 port 38122 ssh2
May 31 08:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: Connection closed by 176.65.132.22 port 38122 [preauth]
May 31 08:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: Invalid user crafty from 176.65.132.22
May 31 08:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: input_userauth_request: invalid user crafty [preauth]
May 31 08:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: Failed password for invalid user crafty from 176.65.132.22 port 38128 ssh2
May 31 08:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: Connection closed by 176.65.132.22 port 38128 [preauth]
May 31 08:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: Invalid user ec2-user from 176.65.132.22
May 31 08:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: input_userauth_request: invalid user ec2-user [preauth]
May 31 08:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: Failed password for invalid user ec2-user from 176.65.132.22 port 57538 ssh2
May 31 08:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: Connection closed by 176.65.132.22 port 57538 [preauth]
May 31 08:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: Invalid user user1 from 206.72.205.99
May 31 08:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: input_userauth_request: invalid user user1 [preauth]
May 31 08:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99
May 31 08:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: Failed password for invalid user user1 from 206.72.205.99 port 46708 ssh2
May 31 08:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: Connection closed by 206.72.205.99 port 46708 [preauth]
May 31 08:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25415]: Invalid user trade from 176.65.132.22
May 31 08:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25415]: input_userauth_request: invalid user trade [preauth]
May 31 08:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25415]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24204]: pam_unix(cron:session): session closed for user root
May 31 08:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25415]: Failed password for invalid user trade from 176.65.132.22 port 42852 ssh2
May 31 08:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25415]: Connection closed by 176.65.132.22 port 42852 [preauth]
May 31 08:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25446]: Invalid user myuser from 176.65.132.22
May 31 08:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25446]: input_userauth_request: invalid user myuser [preauth]
May 31 08:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25446]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25446]: Failed password for invalid user myuser from 176.65.132.22 port 42866 ssh2
May 31 08:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25446]: Connection closed by 176.65.132.22 port 42866 [preauth]
May 31 08:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: Invalid user user2 from 176.65.132.22
May 31 08:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: input_userauth_request: invalid user user2 [preauth]
May 31 08:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25445]: Failed password for root from 202.133.90.219 port 56190 ssh2
May 31 08:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25445]: Connection closed by 202.133.90.219 port 56190 [preauth]
May 31 08:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: Failed password for invalid user user2 from 176.65.132.22 port 48602 ssh2
May 31 08:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: Connection closed by 176.65.132.22 port 48602 [preauth]
May 31 08:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: Invalid user user2 from 176.65.132.22
May 31 08:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: input_userauth_request: invalid user user2 [preauth]
May 31 08:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: Failed password for invalid user user2 from 176.65.132.22 port 48610 ssh2
May 31 08:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: Connection closed by 176.65.132.22 port 48610 [preauth]
May 31 08:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: Failed password for root from 176.65.132.22 port 46164 ssh2
May 31 08:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: Connection closed by 176.65.132.22 port 46164 [preauth]
May 31 08:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: Invalid user fahmi from 176.65.132.22
May 31 08:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: input_userauth_request: invalid user fahmi [preauth]
May 31 08:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25528]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25527]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25526]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25525]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25528]: pam_unix(cron:session): session closed for user root
May 31 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session closed for user p13x
May 31 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25592]: Successful su for rubyman by root
May 31 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25592]: + ??? root:rubyman
May 31 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428162 of user rubyman.
May 31 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25592]: pam_unix(su:session): session closed for user rubyman
May 31 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428162.
May 31 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: Failed password for invalid user fahmi from 176.65.132.22 port 46168 ssh2
May 31 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: Connection closed by 176.65.132.22 port 46168 [preauth]
May 31 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
May 31 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25525]: pam_unix(cron:session): session closed for user root
May 31 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: Invalid user admin from 45.78.194.186
May 31 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: input_userauth_request: invalid user admin [preauth]
May 31 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.194.186
May 31 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22758]: pam_unix(cron:session): session closed for user root
May 31 08:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: Failed password for root from 37.233.85.71 port 41028 ssh2
May 31 08:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: Failed password for invalid user admin from 45.78.194.186 port 38570 ssh2
May 31 08:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: Connection closed by 37.233.85.71 port 41028 [preauth]
May 31 08:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Invalid user ubuntu from 176.65.132.22
May 31 08:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: input_userauth_request: invalid user ubuntu [preauth]
May 31 08:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25524]: pam_unix(cron:session): session closed for user samftp
May 31 08:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Failed password for invalid user ubuntu from 176.65.132.22 port 51752 ssh2
May 31 08:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Connection closed by 176.65.132.22 port 51752 [preauth]
May 31 08:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: Received disconnect from 45.78.194.186 port 38570:11: Bye Bye [preauth]
May 31 08:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: Disconnected from 45.78.194.186 port 38570 [preauth]
May 31 08:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25805]: Invalid user admin from 176.65.132.22
May 31 08:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25805]: input_userauth_request: invalid user admin [preauth]
May 31 08:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25805]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25805]: Failed password for invalid user admin from 176.65.132.22 port 41762 ssh2
May 31 08:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25805]: Connection closed by 176.65.132.22 port 41762 [preauth]
May 31 08:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25829]: Failed password for root from 176.65.132.22 port 41772 ssh2
May 31 08:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25829]: Connection closed by 176.65.132.22 port 41772 [preauth]
May 31 08:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: Invalid user daniel from 176.65.132.22
May 31 08:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: input_userauth_request: invalid user daniel [preauth]
May 31 08:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: Failed password for invalid user daniel from 176.65.132.22 port 50730 ssh2
May 31 08:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: Connection closed by 176.65.132.22 port 50730 [preauth]
May 31 08:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: Invalid user myuser from 176.65.132.22
May 31 08:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: input_userauth_request: invalid user myuser [preauth]
May 31 08:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: Failed password for invalid user myuser from 176.65.132.22 port 50734 ssh2
May 31 08:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: Connection closed by 176.65.132.22 port 50734 [preauth]
May 31 08:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25872]: User ftp from 176.65.132.22 not allowed because not listed in AllowUsers
May 31 08:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25872]: input_userauth_request: invalid user ftp [preauth]
May 31 08:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=ftp
May 31 08:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24665]: pam_unix(cron:session): session closed for user root
May 31 08:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25872]: Failed password for invalid user ftp from 176.65.132.22 port 51848 ssh2
May 31 08:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25872]: Connection closed by 176.65.132.22 port 51848 [preauth]
May 31 08:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25894]: Failed password for root from 206.72.205.99 port 38014 ssh2
May 31 08:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25894]: Connection closed by 206.72.205.99 port 38014 [preauth]
May 31 08:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25907]: Invalid user ark from 176.65.132.22
May 31 08:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25907]: input_userauth_request: invalid user ark [preauth]
May 31 08:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25907]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25907]: Failed password for invalid user ark from 176.65.132.22 port 51878 ssh2
May 31 08:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25907]: Connection closed by 176.65.132.22 port 51878 [preauth]
May 31 08:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: Invalid user user3 from 176.65.132.22
May 31 08:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: input_userauth_request: invalid user user3 [preauth]
May 31 08:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: Failed password for invalid user user3 from 176.65.132.22 port 42816 ssh2
May 31 08:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: Connection closed by 176.65.132.22 port 42816 [preauth]
May 31 08:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: Invalid user fivem from 176.65.132.22
May 31 08:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: input_userauth_request: invalid user fivem [preauth]
May 31 08:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: Failed password for invalid user fivem from 176.65.132.22 port 42820 ssh2
May 31 08:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: Connection closed by 176.65.132.22 port 42820 [preauth]
May 31 08:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25949]: Invalid user omm from 176.65.132.22
May 31 08:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25949]: input_userauth_request: invalid user omm [preauth]
May 31 08:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25949]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25949]: Failed password for invalid user omm from 176.65.132.22 port 38016 ssh2
May 31 08:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25949]: Connection closed by 176.65.132.22 port 38016 [preauth]
May 31 08:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: Invalid user admin from 176.65.132.22
May 31 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: input_userauth_request: invalid user admin [preauth]
May 31 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25967]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25968]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25964]: pam_unix(cron:session): session closed for user p13x
May 31 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26028]: Successful su for rubyman by root
May 31 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26028]: + ??? root:rubyman
May 31 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428165 of user rubyman.
May 31 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26028]: pam_unix(su:session): session closed for user rubyman
May 31 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428165.
May 31 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: Failed password for invalid user admin from 176.65.132.22 port 38036 ssh2
May 31 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: Connection closed by 176.65.132.22 port 38036 [preauth]
May 31 08:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23180]: pam_unix(cron:session): session closed for user root
May 31 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25965]: pam_unix(cron:session): session closed for user samftp
May 31 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: Invalid user admin from 176.65.132.22
May 31 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: input_userauth_request: invalid user admin [preauth]
May 31 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: Failed password for invalid user admin from 176.65.132.22 port 48328 ssh2
May 31 08:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: Connection closed by 176.65.132.22 port 48328 [preauth]
May 31 08:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: Invalid user user from 37.120.213.13
May 31 08:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: input_userauth_request: invalid user user [preauth]
May 31 08:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.213.13
May 31 08:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: Failed password for invalid user user from 37.120.213.13 port 45724 ssh2
May 31 08:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26227]: Failed password for root from 176.65.132.22 port 53450 ssh2
May 31 08:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26227]: Connection closed by 176.65.132.22 port 53450 [preauth]
May 31 08:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: Connection closed by 37.120.213.13 port 45724 [preauth]
May 31 08:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Failed password for root from 202.133.90.219 port 36038 ssh2
May 31 08:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26252]: Invalid user bot from 176.65.132.22
May 31 08:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26252]: input_userauth_request: invalid user bot [preauth]
May 31 08:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26252]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Connection closed by 202.133.90.219 port 36038 [preauth]
May 31 08:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26252]: Failed password for invalid user bot from 176.65.132.22 port 53464 ssh2
May 31 08:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26252]: Connection closed by 176.65.132.22 port 53464 [preauth]
May 31 08:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26262]: Invalid user git from 176.65.132.22
May 31 08:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26262]: input_userauth_request: invalid user git [preauth]
May 31 08:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26262]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26262]: Failed password for invalid user git from 176.65.132.22 port 48560 ssh2
May 31 08:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26262]: Connection closed by 176.65.132.22 port 48560 [preauth]
May 31 08:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: Invalid user pi from 176.65.132.22
May 31 08:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: input_userauth_request: invalid user pi [preauth]
May 31 08:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: Failed password for invalid user pi from 176.65.132.22 port 48580 ssh2
May 31 08:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: Connection closed by 176.65.132.22 port 48580 [preauth]
May 31 08:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25098]: pam_unix(cron:session): session closed for user root
May 31 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26320]: Invalid user pi from 176.65.132.22
May 31 08:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26320]: input_userauth_request: invalid user pi [preauth]
May 31 08:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26320]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26320]: Failed password for invalid user pi from 176.65.132.22 port 32878 ssh2
May 31 08:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26320]: Connection closed by 176.65.132.22 port 32878 [preauth]
May 31 08:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26333]: Failed password for root from 206.72.205.99 port 33208 ssh2
May 31 08:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26333]: Connection closed by 206.72.205.99 port 33208 [preauth]
May 31 08:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: Invalid user steam from 176.65.132.22
May 31 08:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: input_userauth_request: invalid user steam [preauth]
May 31 08:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
May 31 08:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: Failed password for invalid user steam from 176.65.132.22 port 32880 ssh2
May 31 08:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: Connection closed by 176.65.132.22 port 32880 [preauth]
May 31 08:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: Invalid user milan from 45.78.194.186
May 31 08:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: input_userauth_request: invalid user milan [preauth]
May 31 08:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.194.186
May 31 08:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26337]: Failed password for root from 147.45.211.215 port 55534 ssh2
May 31 08:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26337]: Connection closed by 147.45.211.215 port 55534 [preauth]
May 31 08:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: Failed password for invalid user milan from 45.78.194.186 port 53574 ssh2
May 31 08:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: Received disconnect from 45.78.194.186 port 53574:11: Bye Bye [preauth]
May 31 08:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: Disconnected from 45.78.194.186 port 53574 [preauth]
May 31 08:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26362]: Invalid user steam from 176.65.132.22
May 31 08:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26362]: input_userauth_request: invalid user steam [preauth]
May 31 08:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26362]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26362]: Failed password for invalid user steam from 176.65.132.22 port 38198 ssh2
May 31 08:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26362]: Connection closed by 176.65.132.22 port 38198 [preauth]
May 31 08:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: Invalid user ftpuser from 176.65.132.22
May 31 08:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: input_userauth_request: invalid user ftpuser [preauth]
May 31 08:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: Failed password for invalid user ftpuser from 176.65.132.22 port 50784 ssh2
May 31 08:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: Connection closed by 176.65.132.22 port 50784 [preauth]
May 31 08:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: Invalid user ubuntu from 176.65.132.22
May 31 08:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: input_userauth_request: invalid user ubuntu [preauth]
May 31 08:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: Failed password for invalid user ubuntu from 176.65.132.22 port 50786 ssh2
May 31 08:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: Connection closed by 176.65.132.22 port 50786 [preauth]
May 31 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26403]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26404]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26401]: pam_unix(cron:session): session closed for user p13x
May 31 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26459]: Successful su for rubyman by root
May 31 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26459]: + ??? root:rubyman
May 31 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428170 of user rubyman.
May 31 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26459]: pam_unix(su:session): session closed for user rubyman
May 31 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428170.
May 31 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23646]: pam_unix(cron:session): session closed for user root
May 31 08:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26402]: pam_unix(cron:session): session closed for user samftp
May 31 08:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: Failed password for root from 176.65.132.22 port 55874 ssh2
May 31 08:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: Connection closed by 176.65.132.22 port 55874 [preauth]
May 31 08:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26644]: Invalid user neptune from 176.65.132.22
May 31 08:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26644]: input_userauth_request: invalid user neptune [preauth]
May 31 08:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26644]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26644]: Failed password for invalid user neptune from 176.65.132.22 port 55890 ssh2
May 31 08:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26644]: Connection closed by 176.65.132.22 port 55890 [preauth]
May 31 08:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26677]: Invalid user deploy from 176.65.132.22
May 31 08:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26677]: input_userauth_request: invalid user deploy [preauth]
May 31 08:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26677]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26677]: Failed password for invalid user deploy from 176.65.132.22 port 42310 ssh2
May 31 08:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26677]: Connection closed by 176.65.132.22 port 42310 [preauth]
May 31 08:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: Invalid user user from 2.57.121.25
May 31 08:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: input_userauth_request: invalid user user [preauth]
May 31 08:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 08:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: Failed password for invalid user user from 2.57.121.25 port 45210 ssh2
May 31 08:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: User ftp from 176.65.132.22 not allowed because not listed in AllowUsers
May 31 08:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: input_userauth_request: invalid user ftp [preauth]
May 31 08:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=ftp
May 31 08:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: Failed password for invalid user user from 2.57.121.25 port 45210 ssh2
May 31 08:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: Failed password for invalid user ftp from 176.65.132.22 port 42320 ssh2
May 31 08:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: Connection closed by 176.65.132.22 port 42320 [preauth]
May 31 08:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: Failed password for invalid user user from 2.57.121.25 port 45210 ssh2
May 31 08:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26791]: Invalid user oracle from 176.65.132.22
May 31 08:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26791]: input_userauth_request: invalid user oracle [preauth]
May 31 08:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26791]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: Failed password for invalid user user from 2.57.121.25 port 45210 ssh2
May 31 08:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26791]: Failed password for invalid user oracle from 176.65.132.22 port 32890 ssh2
May 31 08:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26791]: Connection closed by 176.65.132.22 port 32890 [preauth]
May 31 08:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: Failed password for invalid user user from 2.57.121.25 port 45210 ssh2
May 31 08:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: Received disconnect from 2.57.121.25 port 45210:11: Bye [preauth]
May 31 08:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: Disconnected from 2.57.121.25 port 45210 [preauth]
May 31 08:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 08:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 08:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26801]: Invalid user admin2 from 176.65.132.22
May 31 08:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26801]: input_userauth_request: invalid user admin2 [preauth]
May 31 08:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26801]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25527]: pam_unix(cron:session): session closed for user root
May 31 08:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26801]: Failed password for invalid user admin2 from 176.65.132.22 port 51536 ssh2
May 31 08:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26801]: Connection closed by 176.65.132.22 port 51536 [preauth]
May 31 08:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: Invalid user aaa from 176.65.132.22
May 31 08:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: input_userauth_request: invalid user aaa [preauth]
May 31 08:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: User nobody from 206.72.205.99 not allowed because not listed in AllowUsers
May 31 08:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: input_userauth_request: invalid user nobody [preauth]
May 31 08:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=nobody
May 31 08:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: Failed password for invalid user aaa from 176.65.132.22 port 51548 ssh2
May 31 08:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: Connection closed by 176.65.132.22 port 51548 [preauth]
May 31 08:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: Failed password for invalid user nobody from 206.72.205.99 port 40604 ssh2
May 31 08:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: Connection closed by 206.72.205.99 port 40604 [preauth]
May 31 08:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26845]: Invalid user runner from 176.65.132.22
May 31 08:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26845]: input_userauth_request: invalid user runner [preauth]
May 31 08:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26845]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: Failed password for root from 202.133.90.219 port 38006 ssh2
May 31 08:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: Connection closed by 202.133.90.219 port 38006 [preauth]
May 31 08:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26845]: Failed password for invalid user runner from 176.65.132.22 port 60776 ssh2
May 31 08:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26845]: Connection closed by 176.65.132.22 port 60776 [preauth]
May 31 08:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26867]: Failed password for root from 176.65.132.22 port 60790 ssh2
May 31 08:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26867]: Connection closed by 176.65.132.22 port 60790 [preauth]
May 31 08:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: Failed password for root from 176.65.132.22 port 57234 ssh2
May 31 08:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: Connection closed by 176.65.132.22 port 57234 [preauth]
May 31 08:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: Invalid user runner from 176.65.132.22
May 31 08:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: input_userauth_request: invalid user runner [preauth]
May 31 08:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: Failed password for invalid user runner from 176.65.132.22 port 57248 ssh2
May 31 08:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: Connection closed by 176.65.132.22 port 57248 [preauth]
May 31 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26904]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26903]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26900]: pam_unix(cron:session): session closed for user p13x
May 31 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26964]: Successful su for rubyman by root
May 31 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26964]: + ??? root:rubyman
May 31 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428174 of user rubyman.
May 31 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26964]: pam_unix(su:session): session closed for user rubyman
May 31 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428174.
May 31 08:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24203]: pam_unix(cron:session): session closed for user root
May 31 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: Invalid user jack from 176.65.132.22
May 31 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: input_userauth_request: invalid user jack [preauth]
May 31 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26902]: pam_unix(cron:session): session closed for user samftp
May 31 08:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: Failed password for invalid user jack from 176.65.132.22 port 44810 ssh2
May 31 08:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: Connection closed by 176.65.132.22 port 44810 [preauth]
May 31 08:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27148]: Invalid user tactical from 176.65.132.22
May 31 08:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27148]: input_userauth_request: invalid user tactical [preauth]
May 31 08:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27148]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27148]: Failed password for invalid user tactical from 176.65.132.22 port 44812 ssh2
May 31 08:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27148]: Connection closed by 176.65.132.22 port 44812 [preauth]
May 31 08:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: Invalid user reza from 176.65.132.22
May 31 08:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: input_userauth_request: invalid user reza [preauth]
May 31 08:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.194.186  user=root
May 31 08:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: Failed password for root from 45.78.194.186 port 40422 ssh2
May 31 08:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: Failed password for invalid user reza from 176.65.132.22 port 60512 ssh2
May 31 08:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: Connection closed by 176.65.132.22 port 60512 [preauth]
May 31 08:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27196]: Failed password for root from 176.65.132.22 port 60514 ssh2
May 31 08:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27196]: Connection closed by 176.65.132.22 port 60514 [preauth]
May 31 08:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: Invalid user bernard from 176.65.132.22
May 31 08:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: input_userauth_request: invalid user bernard [preauth]
May 31 08:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: Failed password for invalid user bernard from 176.65.132.22 port 48590 ssh2
May 31 08:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: Connection closed by 176.65.132.22 port 48590 [preauth]
May 31 08:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: Received disconnect from 172.93.102.236 port 50604:11: disconnected by user [preauth]
May 31 08:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: Disconnected from 172.93.102.236 port 50604 [preauth]
May 31 08:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25968]: pam_unix(cron:session): session closed for user root
May 31 08:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27235]: Failed password for root from 176.65.132.22 port 59580 ssh2
May 31 08:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27235]: Connection closed by 176.65.132.22 port 59580 [preauth]
May 31 08:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27272]: Invalid user main from 176.65.132.22
May 31 08:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27272]: input_userauth_request: invalid user main [preauth]
May 31 08:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27272]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27272]: Failed password for invalid user main from 176.65.132.22 port 59594 ssh2
May 31 08:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27272]: Connection closed by 176.65.132.22 port 59594 [preauth]
May 31 08:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27292]: Invalid user kali from 206.72.205.99
May 31 08:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27292]: input_userauth_request: invalid user kali [preauth]
May 31 08:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27292]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99
May 31 08:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: Invalid user main from 176.65.132.22
May 31 08:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: input_userauth_request: invalid user main [preauth]
May 31 08:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27292]: Failed password for invalid user kali from 206.72.205.99 port 38076 ssh2
May 31 08:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27292]: Connection closed by 206.72.205.99 port 38076 [preauth]
May 31 08:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: Failed password for invalid user main from 176.65.132.22 port 51992 ssh2
May 31 08:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: Connection closed by 176.65.132.22 port 51992 [preauth]
May 31 08:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27318]: Invalid user postgres from 176.65.132.22
May 31 08:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27318]: input_userauth_request: invalid user postgres [preauth]
May 31 08:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27318]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27318]: Failed password for invalid user postgres from 176.65.132.22 port 52004 ssh2
May 31 08:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27318]: Connection closed by 176.65.132.22 port 52004 [preauth]
May 31 08:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: Received disconnect from 104.236.66.186 port 56622:11: disconnected by user [preauth]
May 31 08:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: Disconnected from 104.236.66.186 port 56622 [preauth]
May 31 08:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: Failed password for root from 176.65.132.22 port 34654 ssh2
May 31 08:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: Connection closed by 176.65.132.22 port 34654 [preauth]
May 31 08:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: Invalid user cw from 176.65.132.22
May 31 08:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: input_userauth_request: invalid user cw [preauth]
May 31 08:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: Failed password for invalid user cw from 176.65.132.22 port 34658 ssh2
May 31 08:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: Connection closed by 176.65.132.22 port 34658 [preauth]
May 31 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27347]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27349]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27346]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27345]: pam_unix(cron:session): session closed for user p13x
May 31 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27408]: Successful su for rubyman by root
May 31 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27408]: + ??? root:rubyman
May 31 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428178 of user rubyman.
May 31 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27408]: pam_unix(su:session): session closed for user rubyman
May 31 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428178.
May 31 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: Invalid user user from 176.65.132.22
May 31 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: input_userauth_request: invalid user user [preauth]
May 31 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24664]: pam_unix(cron:session): session closed for user root
May 31 08:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: Failed password for invalid user user from 176.65.132.22 port 38360 ssh2
May 31 08:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: Connection closed by 176.65.132.22 port 38360 [preauth]
May 31 08:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27346]: pam_unix(cron:session): session closed for user samftp
May 31 08:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: Invalid user user1 from 176.65.132.22
May 31 08:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: input_userauth_request: invalid user user1 [preauth]
May 31 08:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: Failed password for invalid user user1 from 176.65.132.22 port 38370 ssh2
May 31 08:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: Connection closed by 176.65.132.22 port 38370 [preauth]
May 31 08:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: Invalid user ts from 176.65.132.22
May 31 08:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: input_userauth_request: invalid user ts [preauth]
May 31 08:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: Failed password for root from 202.133.90.219 port 51634 ssh2
May 31 08:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: Failed password for invalid user ts from 176.65.132.22 port 52664 ssh2
May 31 08:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: Connection closed by 176.65.132.22 port 52664 [preauth]
May 31 08:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: Connection closed by 202.133.90.219 port 51634 [preauth]
May 31 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27645]: Invalid user cursor from 176.65.132.22
May 31 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27645]: input_userauth_request: invalid user cursor [preauth]
May 31 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27645]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27645]: Failed password for invalid user cursor from 176.65.132.22 port 52696 ssh2
May 31 08:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27645]: Connection closed by 176.65.132.22 port 52696 [preauth]
May 31 08:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Invalid user grok from 176.65.132.22
May 31 08:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: input_userauth_request: invalid user grok [preauth]
May 31 08:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Failed password for invalid user grok from 176.65.132.22 port 54188 ssh2
May 31 08:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Connection closed by 176.65.132.22 port 54188 [preauth]
May 31 08:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27678]: Invalid user dmdba from 176.65.132.22
May 31 08:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27678]: input_userauth_request: invalid user dmdba [preauth]
May 31 08:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27678]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27678]: Failed password for invalid user dmdba from 176.65.132.22 port 54200 ssh2
May 31 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27678]: Connection closed by 176.65.132.22 port 54200 [preauth]
May 31 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26404]: pam_unix(cron:session): session closed for user root
May 31 08:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Invalid user user from 176.65.132.22
May 31 08:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: input_userauth_request: invalid user user [preauth]
May 31 08:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Failed password for invalid user user from 176.65.132.22 port 39918 ssh2
May 31 08:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Connection closed by 176.65.132.22 port 39918 [preauth]
May 31 08:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27723]: Failed password for root from 176.65.132.22 port 60750 ssh2
May 31 08:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27723]: Connection closed by 176.65.132.22 port 60750 [preauth]
May 31 08:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: Invalid user linaro from 206.72.205.99
May 31 08:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: input_userauth_request: invalid user linaro [preauth]
May 31 08:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99
May 31 08:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: Failed password for invalid user linaro from 206.72.205.99 port 54064 ssh2
May 31 08:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: Connection closed by 206.72.205.99 port 54064 [preauth]
May 31 08:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27754]: Failed password for root from 176.65.132.22 port 60760 ssh2
May 31 08:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27754]: Connection closed by 176.65.132.22 port 60760 [preauth]
May 31 08:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: Invalid user admin123 from 176.65.132.22
May 31 08:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: input_userauth_request: invalid user admin123 [preauth]
May 31 08:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: Failed password for invalid user admin123 from 176.65.132.22 port 42168 ssh2
May 31 08:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: Connection closed by 176.65.132.22 port 42168 [preauth]
May 31 08:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27775]: Invalid user admin123 from 176.65.132.22
May 31 08:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27775]: input_userauth_request: invalid user admin123 [preauth]
May 31 08:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27775]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27789]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27788]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27790]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27791]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27791]: pam_unix(cron:session): session closed for user root
May 31 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27786]: pam_unix(cron:session): session closed for user p13x
May 31 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27858]: Successful su for rubyman by root
May 31 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27858]: + ??? root:rubyman
May 31 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27858]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428183 of user rubyman.
May 31 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27858]: pam_unix(su:session): session closed for user rubyman
May 31 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428183.
May 31 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27775]: Failed password for invalid user admin123 from 176.65.132.22 port 42174 ssh2
May 31 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27775]: Connection closed by 176.65.132.22 port 42174 [preauth]
May 31 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27788]: pam_unix(cron:session): session closed for user root
May 31 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25097]: pam_unix(cron:session): session closed for user root
May 31 08:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27787]: pam_unix(cron:session): session closed for user samftp
May 31 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: Failed password for root from 176.65.132.22 port 39806 ssh2
May 31 08:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: Connection closed by 176.65.132.22 port 39806 [preauth]
May 31 08:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: Failed password for root from 176.65.132.22 port 46328 ssh2
May 31 08:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: Connection closed by 176.65.132.22 port 46328 [preauth]
May 31 08:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28165]: Invalid user kipt from 176.65.132.22
May 31 08:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28165]: input_userauth_request: invalid user kipt [preauth]
May 31 08:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28165]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28165]: Failed password for invalid user kipt from 176.65.132.22 port 46330 ssh2
May 31 08:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28165]: Connection closed by 176.65.132.22 port 46330 [preauth]
May 31 08:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28175]: Failed password for root from 176.65.132.22 port 50500 ssh2
May 31 08:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28175]: Connection closed by 176.65.132.22 port 50500 [preauth]
May 31 08:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: Invalid user admin from 176.65.132.22
May 31 08:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: input_userauth_request: invalid user admin [preauth]
May 31 08:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: Failed password for invalid user admin from 176.65.132.22 port 50504 ssh2
May 31 08:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: Connection closed by 176.65.132.22 port 50504 [preauth]
May 31 08:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26904]: pam_unix(cron:session): session closed for user root
May 31 08:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: Invalid user packer from 176.65.132.22
May 31 08:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: input_userauth_request: invalid user packer [preauth]
May 31 08:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: Failed password for invalid user packer from 176.65.132.22 port 60248 ssh2
May 31 08:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: Connection closed by 176.65.132.22 port 60248 [preauth]
May 31 08:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: Invalid user erp from 176.65.132.22
May 31 08:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: input_userauth_request: invalid user erp [preauth]
May 31 08:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28231]: Failed password for root from 202.133.90.219 port 60464 ssh2
May 31 08:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28231]: Connection closed by 202.133.90.219 port 60464 [preauth]
May 31 08:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: Failed password for invalid user erp from 176.65.132.22 port 60254 ssh2
May 31 08:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: Connection closed by 176.65.132.22 port 60254 [preauth]
May 31 08:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: Invalid user debian from 176.65.132.22
May 31 08:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: input_userauth_request: invalid user debian [preauth]
May 31 08:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: Failed password for invalid user debian from 176.65.132.22 port 39630 ssh2
May 31 08:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: Connection closed by 176.65.132.22 port 39630 [preauth]
May 31 08:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: Failed password for root from 206.72.205.99 port 49682 ssh2
May 31 08:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: Connection closed by 206.72.205.99 port 49682 [preauth]
May 31 08:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28278]: Failed password for root from 176.65.132.22 port 48470 ssh2
May 31 08:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28278]: Connection closed by 176.65.132.22 port 48470 [preauth]
May 31 08:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28290]: Invalid user user from 176.65.132.22
May 31 08:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28290]: input_userauth_request: invalid user user [preauth]
May 31 08:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: Invalid user admin from 2.57.121.112
May 31 08:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: input_userauth_request: invalid user admin [preauth]
May 31 08:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 08:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28290]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28300]: Invalid user patronization from 173.254.234.162
May 31 08:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28300]: input_userauth_request: invalid user patronization [preauth]
May 31 08:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28300]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 08:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: Failed password for invalid user admin from 2.57.121.112 port 23766 ssh2
May 31 08:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28290]: Failed password for invalid user user from 176.65.132.22 port 48484 ssh2
May 31 08:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28290]: Connection closed by 176.65.132.22 port 48484 [preauth]
May 31 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28300]: Failed password for invalid user patronization from 173.254.234.162 port 55040 ssh2
May 31 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28300]: Connection closed by 173.254.234.162 port 55040 [preauth]
May 31 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28305]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28306]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28303]: pam_unix(cron:session): session closed for user p13x
May 31 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: Failed password for invalid user admin from 2.57.121.112 port 23766 ssh2
May 31 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28366]: Successful su for rubyman by root
May 31 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28366]: + ??? root:rubyman
May 31 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428189 of user rubyman.
May 31 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28366]: pam_unix(su:session): session closed for user rubyman
May 31 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428189.
May 31 08:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: Failed password for invalid user admin from 2.57.121.112 port 23766 ssh2
May 31 08:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28474]: Invalid user mcserver from 176.65.132.22
May 31 08:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28474]: input_userauth_request: invalid user mcserver [preauth]
May 31 08:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28474]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25526]: pam_unix(cron:session): session closed for user root
May 31 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28304]: pam_unix(cron:session): session closed for user samftp
May 31 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: Failed password for invalid user admin from 2.57.121.112 port 23766 ssh2
May 31 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28474]: Failed password for invalid user mcserver from 176.65.132.22 port 57694 ssh2
May 31 08:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28474]: Connection closed by 176.65.132.22 port 57694 [preauth]
May 31 08:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: Failed password for invalid user admin from 2.57.121.112 port 23766 ssh2
May 31 08:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: Received disconnect from 2.57.121.112 port 23766:11: Bye [preauth]
May 31 08:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: Disconnected from 2.57.121.112 port 23766 [preauth]
May 31 08:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 08:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 08:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28651]: Failed password for root from 176.65.132.22 port 57710 ssh2
May 31 08:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28651]: Connection closed by 176.65.132.22 port 57710 [preauth]
May 31 08:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28675]: Failed password for root from 176.65.132.22 port 54238 ssh2
May 31 08:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28675]: Connection closed by 176.65.132.22 port 54238 [preauth]
May 31 08:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: Failed password for root from 176.65.132.22 port 53140 ssh2
May 31 08:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: Connection closed by 176.65.132.22 port 53140 [preauth]
May 31 08:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: Invalid user lin from 176.65.132.22
May 31 08:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: input_userauth_request: invalid user lin [preauth]
May 31 08:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.194.186  user=root
May 31 08:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: Failed password for invalid user lin from 176.65.132.22 port 53154 ssh2
May 31 08:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: Connection closed by 176.65.132.22 port 53154 [preauth]
May 31 08:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28710]: Failed password for root from 45.78.194.186 port 47170 ssh2
May 31 08:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28710]: Received disconnect from 45.78.194.186 port 47170:11: Bye Bye [preauth]
May 31 08:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28710]: Disconnected from 45.78.194.186 port 47170 [preauth]
May 31 08:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27349]: pam_unix(cron:session): session closed for user root
May 31 08:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28723]: Failed password for root from 176.65.132.22 port 60860 ssh2
May 31 08:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28723]: Connection closed by 176.65.132.22 port 60860 [preauth]
May 31 08:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: Invalid user zabbix from 176.65.132.22
May 31 08:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: input_userauth_request: invalid user zabbix [preauth]
May 31 08:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: Failed password for invalid user zabbix from 176.65.132.22 port 60872 ssh2
May 31 08:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: Connection closed by 176.65.132.22 port 60872 [preauth]
May 31 08:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: User john from 176.65.132.22 not allowed because not listed in AllowUsers
May 31 08:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: input_userauth_request: invalid user john [preauth]
May 31 08:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=john
May 31 08:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Failed password for invalid user john from 176.65.132.22 port 47140 ssh2
May 31 08:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Connection closed by 176.65.132.22 port 47140 [preauth]
May 31 08:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: Invalid user openvpn from 176.65.132.22
May 31 08:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: input_userauth_request: invalid user openvpn [preauth]
May 31 08:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: Failed password for invalid user openvpn from 176.65.132.22 port 47150 ssh2
May 31 08:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: Connection closed by 176.65.132.22 port 47150 [preauth]
May 31 08:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: Failed password for root from 206.72.205.99 port 56510 ssh2
May 31 08:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: Connection closed by 206.72.205.99 port 56510 [preauth]
May 31 08:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28806]: Failed password for root from 176.65.132.22 port 43088 ssh2
May 31 08:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28806]: Connection closed by 176.65.132.22 port 43088 [preauth]
May 31 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28832]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28833]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28830]: pam_unix(cron:session): session closed for user p13x
May 31 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28891]: Successful su for rubyman by root
May 31 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28891]: + ??? root:rubyman
May 31 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428191 of user rubyman.
May 31 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28891]: pam_unix(su:session): session closed for user rubyman
May 31 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428191.
May 31 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: Invalid user rdpuser from 176.65.132.22
May 31 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: input_userauth_request: invalid user rdpuser [preauth]
May 31 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: Failed password for invalid user rdpuser from 176.65.132.22 port 43960 ssh2
May 31 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25967]: pam_unix(cron:session): session closed for user root
May 31 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: Connection closed by 176.65.132.22 port 43960 [preauth]
May 31 08:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28831]: pam_unix(cron:session): session closed for user samftp
May 31 08:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29075]: Invalid user rdpuser from 176.65.132.22
May 31 08:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29075]: input_userauth_request: invalid user rdpuser [preauth]
May 31 08:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29075]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29075]: Failed password for invalid user rdpuser from 176.65.132.22 port 43974 ssh2
May 31 08:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29075]: Connection closed by 176.65.132.22 port 43974 [preauth]
May 31 08:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: Failed password for root from 202.133.90.219 port 48322 ssh2
May 31 08:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: Connection closed by 202.133.90.219 port 48322 [preauth]
May 31 08:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29094]: Invalid user home from 176.65.132.22
May 31 08:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29094]: input_userauth_request: invalid user home [preauth]
May 31 08:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29094]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29094]: Failed password for invalid user home from 176.65.132.22 port 53878 ssh2
May 31 08:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29094]: Connection closed by 176.65.132.22 port 53878 [preauth]
May 31 08:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: Invalid user myuser from 176.65.132.22
May 31 08:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: input_userauth_request: invalid user myuser [preauth]
May 31 08:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: Failed password for invalid user myuser from 176.65.132.22 port 53882 ssh2
May 31 08:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: Connection closed by 176.65.132.22 port 53882 [preauth]
May 31 08:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29137]: Invalid user myuser from 176.65.132.22
May 31 08:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29137]: input_userauth_request: invalid user myuser [preauth]
May 31 08:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29137]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29137]: Failed password for invalid user myuser from 176.65.132.22 port 32804 ssh2
May 31 08:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29137]: Connection closed by 176.65.132.22 port 32804 [preauth]
May 31 08:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: Invalid user devops from 176.65.132.22
May 31 08:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: input_userauth_request: invalid user devops [preauth]
May 31 08:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27790]: pam_unix(cron:session): session closed for user root
May 31 08:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: Failed password for invalid user devops from 176.65.132.22 port 57358 ssh2
May 31 08:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: Connection closed by 176.65.132.22 port 57358 [preauth]
May 31 08:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29187]: Invalid user gabriel from 176.65.132.22
May 31 08:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29187]: input_userauth_request: invalid user gabriel [preauth]
May 31 08:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29187]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29187]: Failed password for invalid user gabriel from 176.65.132.22 port 57364 ssh2
May 31 08:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29187]: Connection closed by 176.65.132.22 port 57364 [preauth]
May 31 08:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29214]: Invalid user docker from 176.65.132.22
May 31 08:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29214]: input_userauth_request: invalid user docker [preauth]
May 31 08:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29214]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29214]: Failed password for invalid user docker from 176.65.132.22 port 41094 ssh2
May 31 08:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29214]: Connection closed by 176.65.132.22 port 41094 [preauth]
May 31 08:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Invalid user minecraft from 176.65.132.22
May 31 08:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: input_userauth_request: invalid user minecraft [preauth]
May 31 08:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Failed password for invalid user minecraft from 176.65.132.22 port 41118 ssh2
May 31 08:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Connection closed by 176.65.132.22 port 41118 [preauth]
May 31 08:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29235]: Invalid user tom from 176.65.132.22
May 31 08:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29235]: input_userauth_request: invalid user tom [preauth]
May 31 08:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29235]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29235]: Failed password for invalid user tom from 176.65.132.22 port 40128 ssh2
May 31 08:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29235]: Connection closed by 176.65.132.22 port 40128 [preauth]
May 31 08:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: Failed password for root from 206.72.205.99 port 54828 ssh2
May 31 08:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: Connection closed by 206.72.205.99 port 54828 [preauth]
May 31 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29262]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29261]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29259]: pam_unix(cron:session): session closed for user p13x
May 31 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29328]: Successful su for rubyman by root
May 31 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29328]: + ??? root:rubyman
May 31 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428195 of user rubyman.
May 31 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29328]: pam_unix(su:session): session closed for user rubyman
May 31 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428195.
May 31 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: Invalid user xiao from 176.65.132.22
May 31 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: input_userauth_request: invalid user xiao [preauth]
May 31 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: Failed password for invalid user xiao from 176.65.132.22 port 38626 ssh2
May 31 08:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: Connection closed by 176.65.132.22 port 38626 [preauth]
May 31 08:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26403]: pam_unix(cron:session): session closed for user root
May 31 08:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.194.186  user=root
May 31 08:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29260]: pam_unix(cron:session): session closed for user samftp
May 31 08:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29382]: Failed password for root from 45.78.194.186 port 52464 ssh2
May 31 08:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29382]: Received disconnect from 45.78.194.186 port 52464:11: Bye Bye [preauth]
May 31 08:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29382]: Disconnected from 45.78.194.186 port 52464 [preauth]
May 31 08:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22  user=root
May 31 08:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: Failed password for root from 176.65.132.22 port 38630 ssh2
May 31 08:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: Connection closed by 176.65.132.22 port 38630 [preauth]
May 31 08:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29627]: Invalid user alex from 176.65.132.22
May 31 08:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29627]: input_userauth_request: invalid user alex [preauth]
May 31 08:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29627]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29627]: Failed password for invalid user alex from 176.65.132.22 port 34560 ssh2
May 31 08:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29627]: Connection closed by 176.65.132.22 port 34560 [preauth]
May 31 08:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: Invalid user ubuntu from 176.65.132.22
May 31 08:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: input_userauth_request: invalid user ubuntu [preauth]
May 31 08:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: Failed password for invalid user ubuntu from 176.65.132.22 port 34572 ssh2
May 31 08:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: Connection closed by 176.65.132.22 port 34572 [preauth]
May 31 08:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: Invalid user deployer from 176.65.132.22
May 31 08:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: input_userauth_request: invalid user deployer [preauth]
May 31 08:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: Failed password for invalid user deployer from 176.65.132.22 port 50618 ssh2
May 31 08:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: Connection closed by 176.65.132.22 port 50618 [preauth]
May 31 08:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29688]: Invalid user rdpuser from 176.65.132.22
May 31 08:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29688]: input_userauth_request: invalid user rdpuser [preauth]
May 31 08:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29688]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.22
May 31 08:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28306]: pam_unix(cron:session): session closed for user root
May 31 08:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29688]: Failed password for invalid user rdpuser from 176.65.132.22 port 36326 ssh2
May 31 08:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29688]: Connection closed by 176.65.132.22 port 36326 [preauth]
May 31 08:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29685]: Failed password for root from 202.133.90.219 port 44276 ssh2
May 31 08:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29685]: Connection closed by 202.133.90.219 port 44276 [preauth]
May 31 08:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29800]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29799]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29796]: pam_unix(cron:session): session closed for user p13x
May 31 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29868]: Successful su for rubyman by root
May 31 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29868]: + ??? root:rubyman
May 31 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428200 of user rubyman.
May 31 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29868]: pam_unix(su:session): session closed for user rubyman
May 31 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428200.
May 31 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29793]: Failed password for root from 206.72.205.99 port 37216 ssh2
May 31 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29793]: Connection closed by 206.72.205.99 port 37216 [preauth]
May 31 08:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26903]: pam_unix(cron:session): session closed for user root
May 31 08:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29798]: pam_unix(cron:session): session closed for user samftp
May 31 08:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28833]: pam_unix(cron:session): session closed for user root
May 31 08:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30234]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30233]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30232]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30231]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30234]: pam_unix(cron:session): session closed for user root
May 31 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30229]: pam_unix(cron:session): session closed for user p13x
May 31 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30300]: Successful su for rubyman by root
May 31 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30300]: + ??? root:rubyman
May 31 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428205 of user rubyman.
May 31 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30300]: pam_unix(su:session): session closed for user rubyman
May 31 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428205.
May 31 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30207]: Failed password for root from 202.133.90.219 port 43732 ssh2
May 31 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30218]: Invalid user hacluster from 80.94.95.116
May 31 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30218]: input_userauth_request: invalid user hacluster [preauth]
May 31 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30207]: Connection closed by 202.133.90.219 port 43732 [preauth]
May 31 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30231]: pam_unix(cron:session): session closed for user root
May 31 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27347]: pam_unix(cron:session): session closed for user root
May 31 08:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30218]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May 31 08:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30230]: pam_unix(cron:session): session closed for user samftp
May 31 08:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30218]: Failed password for invalid user hacluster from 80.94.95.116 port 35316 ssh2
May 31 08:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.72.205.99  user=root
May 31 08:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30218]: Connection closed by 80.94.95.116 port 35316 [preauth]
May 31 08:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30508]: Failed password for root from 206.72.205.99 port 50824 ssh2
May 31 08:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30508]: Connection closed by 206.72.205.99 port 50824 [preauth]
May 31 08:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
May 31 08:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: Failed password for root from 77.94.47.83 port 55502 ssh2
May 31 08:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: Connection closed by 77.94.47.83 port 55502 [preauth]
May 31 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29262]: pam_unix(cron:session): session closed for user root
May 31 08:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: Connection closed by 194.59.206.2 port 24222 [preauth]
May 31 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30683]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30682]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30680]: pam_unix(cron:session): session closed for user p13x
May 31 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30744]: Successful su for rubyman by root
May 31 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30744]: + ??? root:rubyman
May 31 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428209 of user rubyman.
May 31 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30744]: pam_unix(su:session): session closed for user rubyman
May 31 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428209.
May 31 08:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27789]: pam_unix(cron:session): session closed for user root
May 31 08:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30681]: pam_unix(cron:session): session closed for user samftp
May 31 08:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: Failed password for root from 202.133.90.219 port 39296 ssh2
May 31 08:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: Connection closed by 202.133.90.219 port 39296 [preauth]
May 31 08:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29800]: pam_unix(cron:session): session closed for user root
May 31 08:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
May 31 08:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31137]: Failed password for root from 87.251.79.125 port 53288 ssh2
May 31 08:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31137]: Connection closed by 87.251.79.125 port 53288 [preauth]
May 31 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31188]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31189]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31186]: pam_unix(cron:session): session closed for user p13x
May 31 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31246]: Successful su for rubyman by root
May 31 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31246]: + ??? root:rubyman
May 31 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31246]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428215 of user rubyman.
May 31 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31246]: pam_unix(su:session): session closed for user rubyman
May 31 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428215.
May 31 08:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28305]: pam_unix(cron:session): session closed for user root
May 31 08:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31187]: pam_unix(cron:session): session closed for user samftp
May 31 08:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: Failed password for root from 202.133.90.219 port 49614 ssh2
May 31 08:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: Connection closed by 202.133.90.219 port 49614 [preauth]
May 31 08:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30233]: pam_unix(cron:session): session closed for user root
May 31 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31689]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31688]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31686]: pam_unix(cron:session): session closed for user p13x
May 31 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31747]: Successful su for rubyman by root
May 31 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31747]: + ??? root:rubyman
May 31 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428217 of user rubyman.
May 31 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31747]: pam_unix(su:session): session closed for user rubyman
May 31 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428217.
May 31 08:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28832]: pam_unix(cron:session): session closed for user root
May 31 08:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
May 31 08:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31687]: pam_unix(cron:session): session closed for user samftp
May 31 08:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31880]: Failed password for root from 103.172.78.219 port 46080 ssh2
May 31 08:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31880]: Connection closed by 103.172.78.219 port 46080 [preauth]
May 31 08:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31918]: Failed password for root from 202.133.90.219 port 41642 ssh2
May 31 08:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31918]: Connection closed by 202.133.90.219 port 41642 [preauth]
May 31 08:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30683]: pam_unix(cron:session): session closed for user root
May 31 08:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.213.13  user=root
May 31 08:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Failed password for root from 37.120.213.13 port 49276 ssh2
May 31 08:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Connection closed by 37.120.213.13 port 49276 [preauth]
May 31 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32108]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32109]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32106]: pam_unix(cron:session): session closed for user p13x
May 31 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32174]: Successful su for rubyman by root
May 31 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32174]: + ??? root:rubyman
May 31 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428222 of user rubyman.
May 31 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32174]: pam_unix(su:session): session closed for user rubyman
May 31 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428222.
May 31 08:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29261]: pam_unix(cron:session): session closed for user root
May 31 08:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32107]: pam_unix(cron:session): session closed for user samftp
May 31 08:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32248]: Failed password for root from 202.133.90.219 port 34726 ssh2
May 31 08:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32248]: Connection closed by 202.133.90.219 port 34726 [preauth]
May 31 08:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 08:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: Failed password for root from 38.93.206.2 port 44262 ssh2
May 31 08:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: Connection closed by 38.93.206.2 port 44262 [preauth]
May 31 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31189]: pam_unix(cron:session): session closed for user root
May 31 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32521]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32522]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32519]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32520]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32522]: pam_unix(cron:session): session closed for user root
May 31 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32517]: pam_unix(cron:session): session closed for user p13x
May 31 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32584]: Successful su for rubyman by root
May 31 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32584]: + ??? root:rubyman
May 31 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32584]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428225 of user rubyman.
May 31 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32584]: pam_unix(su:session): session closed for user rubyman
May 31 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428225.
May 31 08:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32519]: pam_unix(cron:session): session closed for user root
May 31 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29799]: pam_unix(cron:session): session closed for user root
May 31 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
May 31 08:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32683]: Failed password for root from 194.113.233.25 port 48990 ssh2
May 31 08:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32683]: Connection closed by 194.113.233.25 port 48990 [preauth]
May 31 08:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32518]: pam_unix(cron:session): session closed for user samftp
May 31 08:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: Failed password for root from 202.133.90.219 port 54728 ssh2
May 31 08:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: Connection closed by 202.133.90.219 port 54728 [preauth]
May 31 08:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31689]: pam_unix(cron:session): session closed for user root
May 31 08:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.82.76.2  user=root
May 31 08:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[590]: Failed password for root from 170.82.76.2 port 63094 ssh2
May 31 08:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[590]: Connection closed by 170.82.76.2 port 63094 [preauth]
May 31 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[636]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[635]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[633]: pam_unix(cron:session): session closed for user p13x
May 31 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[709]: Successful su for rubyman by root
May 31 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[709]: + ??? root:rubyman
May 31 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428232 of user rubyman.
May 31 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[709]: pam_unix(su:session): session closed for user rubyman
May 31 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428232.
May 31 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162  user=root
May 31 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: Failed password for root from 173.254.234.162 port 51398 ssh2
May 31 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: Connection closed by 173.254.234.162 port 51398 [preauth]
May 31 08:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30232]: pam_unix(cron:session): session closed for user root
May 31 08:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[634]: pam_unix(cron:session): session closed for user samftp
May 31 08:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: Failed password for root from 202.133.90.219 port 47860 ssh2
May 31 08:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: Connection closed by 202.133.90.219 port 47860 [preauth]
May 31 08:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.108.118.91  user=root
May 31 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[970]: Failed password for root from 89.108.118.91 port 45104 ssh2
May 31 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[970]: Connection closed by 89.108.118.91 port 45104 [preauth]
May 31 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32109]: pam_unix(cron:session): session closed for user root
May 31 08:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.172.54.111  user=root
May 31 08:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: Failed password for root from 109.172.54.111 port 52734 ssh2
May 31 08:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: Connection closed by 109.172.54.111 port 52734 [preauth]
May 31 08:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1105]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1106]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1104]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1103]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1103]: pam_unix(cron:session): session closed for user p13x
May 31 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1167]: Successful su for rubyman by root
May 31 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1167]: + ??? root:rubyman
May 31 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1167]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428235 of user rubyman.
May 31 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1167]: pam_unix(su:session): session closed for user rubyman
May 31 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428235.
May 31 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30682]: pam_unix(cron:session): session closed for user root
May 31 08:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1104]: pam_unix(cron:session): session closed for user samftp
May 31 08:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: Failed password for root from 202.133.90.219 port 46530 ssh2
May 31 08:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: Connection closed by 202.133.90.219 port 46530 [preauth]
May 31 08:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32521]: pam_unix(cron:session): session closed for user root
May 31 08:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1648]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1647]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1645]: pam_unix(cron:session): session closed for user p13x
May 31 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1709]: Successful su for rubyman by root
May 31 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1709]: + ??? root:rubyman
May 31 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428241 of user rubyman.
May 31 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1709]: pam_unix(su:session): session closed for user rubyman
May 31 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428241.
May 31 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31188]: pam_unix(cron:session): session closed for user root
May 31 08:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1641]: Failed password for root from 202.133.90.219 port 41292 ssh2
May 31 08:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1641]: Connection closed by 202.133.90.219 port 41292 [preauth]
May 31 08:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1646]: pam_unix(cron:session): session closed for user samftp
May 31 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[636]: pam_unix(cron:session): session closed for user root
May 31 08:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
May 31 08:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: Failed password for root from 62.133.62.83 port 45264 ssh2
May 31 08:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: Connection closed by 62.133.62.83 port 45264 [preauth]
May 31 08:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2096]: Failed password for root from 202.133.90.219 port 48686 ssh2
May 31 08:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2096]: Connection closed by 202.133.90.219 port 48686 [preauth]
May 31 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2122]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2121]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2116]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2119]: pam_unix(cron:session): session closed for user p13x
May 31 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2250]: Successful su for rubyman by root
May 31 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2250]: + ??? root:rubyman
May 31 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428243 of user rubyman.
May 31 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2250]: pam_unix(su:session): session closed for user rubyman
May 31 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428243.
May 31 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2116]: pam_unix(cron:session): session closed for user root
May 31 08:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31688]: pam_unix(cron:session): session closed for user root
May 31 08:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2120]: pam_unix(cron:session): session closed for user samftp
May 31 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
May 31 08:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: Failed password for root from 103.77.242.62 port 47298 ssh2
May 31 08:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: Connection closed by 103.77.242.62 port 47298 [preauth]
May 31 08:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1106]: pam_unix(cron:session): session closed for user root
May 31 08:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
May 31 08:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: Failed password for root from 103.15.222.183 port 58356 ssh2
May 31 08:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: Connection closed by 103.15.222.183 port 58356 [preauth]
May 31 08:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: Failed password for root from 202.133.90.219 port 45786 ssh2
May 31 08:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: Connection closed by 202.133.90.219 port 45786 [preauth]
May 31 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2665]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2666]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2667]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2664]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2667]: pam_unix(cron:session): session closed for user root
May 31 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2662]: pam_unix(cron:session): session closed for user p13x
May 31 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2736]: Successful su for rubyman by root
May 31 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2736]: + ??? root:rubyman
May 31 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428250 of user rubyman.
May 31 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2736]: pam_unix(su:session): session closed for user rubyman
May 31 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428250.
May 31 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2664]: pam_unix(cron:session): session closed for user root
May 31 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32108]: pam_unix(cron:session): session closed for user root
May 31 08:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2663]: pam_unix(cron:session): session closed for user samftp
May 31 08:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2945]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2945]: Received disconnect from 198.23.177.142 port 60332:11: disconnected by user [preauth]
May 31 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2945]: Disconnected from 198.23.177.142 port 60332 [preauth]
May 31 08:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
May 31 08:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: Failed password for root from 185.156.73.233 port 32622 ssh2
May 31 08:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: Connection closed by 185.156.73.233 port 32622 [preauth]
May 31 08:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1648]: pam_unix(cron:session): session closed for user root
May 31 08:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: Failed password for root from 202.133.90.219 port 51006 ssh2
May 31 08:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: Connection closed by 202.133.90.219 port 51006 [preauth]
May 31 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3097]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3098]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3095]: pam_unix(cron:session): session closed for user p13x
May 31 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3163]: Successful su for rubyman by root
May 31 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3163]: + ??? root:rubyman
May 31 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428254 of user rubyman.
May 31 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3163]: pam_unix(su:session): session closed for user rubyman
May 31 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428254.
May 31 08:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32520]: pam_unix(cron:session): session closed for user root
May 31 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3096]: pam_unix(cron:session): session closed for user samftp
May 31 08:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
May 31 08:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3366]: Failed password for root from 51.250.105.222 port 56598 ssh2
May 31 08:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3366]: Connection closed by 51.250.105.222 port 56598 [preauth]
May 31 08:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
May 31 08:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: Failed password for root from 80.66.85.226 port 59010 ssh2
May 31 08:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: Connection closed by 80.66.85.226 port 59010 [preauth]
May 31 08:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2122]: pam_unix(cron:session): session closed for user root
May 31 08:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: Failed password for root from 202.133.90.219 port 56836 ssh2
May 31 08:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: Connection closed by 202.133.90.219 port 56836 [preauth]
May 31 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3498]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3497]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3495]: pam_unix(cron:session): session closed for user p13x
May 31 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3566]: Successful su for rubyman by root
May 31 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3566]: + ??? root:rubyman
May 31 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428258 of user rubyman.
May 31 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3566]: pam_unix(su:session): session closed for user rubyman
May 31 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428258.
May 31 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[635]: pam_unix(cron:session): session closed for user root
May 31 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3496]: pam_unix(cron:session): session closed for user samftp
May 31 08:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2666]: pam_unix(cron:session): session closed for user root
May 31 08:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: Failed password for root from 202.133.90.219 port 38504 ssh2
May 31 08:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: Connection closed by 202.133.90.219 port 38504 [preauth]
May 31 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4095]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4096]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4093]: pam_unix(cron:session): session closed for user p13x
May 31 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4151]: Successful su for rubyman by root
May 31 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4151]: + ??? root:rubyman
May 31 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428263 of user rubyman.
May 31 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4151]: pam_unix(su:session): session closed for user rubyman
May 31 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428263.
May 31 08:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1105]: pam_unix(cron:session): session closed for user root
May 31 08:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4094]: pam_unix(cron:session): session closed for user samftp
May 31 08:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 08:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4387]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 08:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: Received disconnect from 89.37.117.16 port 22408:11: disconnected by user [preauth]
May 31 08:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: Disconnected from 89.37.117.16 port 22408 [preauth]
May 31 08:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4387]: Received disconnect from 148.153.121.146 port 37058:11: disconnected by user [preauth]
May 31 08:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4387]: Disconnected from 148.153.121.146 port 37058 [preauth]
May 31 08:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3098]: pam_unix(cron:session): session closed for user root
May 31 08:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4468]: Failed password for root from 202.133.90.219 port 50810 ssh2
May 31 08:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4468]: Connection closed by 202.133.90.219 port 50810 [preauth]
May 31 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4499]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4498]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4496]: pam_unix(cron:session): session closed for user p13x
May 31 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4559]: Successful su for rubyman by root
May 31 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4559]: + ??? root:rubyman
May 31 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428268 of user rubyman.
May 31 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4559]: pam_unix(su:session): session closed for user rubyman
May 31 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428268.
May 31 08:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1647]: pam_unix(cron:session): session closed for user root
May 31 08:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4497]: pam_unix(cron:session): session closed for user samftp
May 31 08:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3498]: pam_unix(cron:session): session closed for user root
May 31 08:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
May 31 08:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: Failed password for root from 103.149.28.157 port 56984 ssh2
May 31 08:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: Connection closed by 103.149.28.157 port 56984 [preauth]
May 31 08:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: Failed password for root from 202.133.90.219 port 35510 ssh2
May 31 08:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: Connection closed by 202.133.90.219 port 35510 [preauth]
May 31 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4919]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4918]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4921]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4920]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4921]: pam_unix(cron:session): session closed for user root
May 31 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4914]: pam_unix(cron:session): session closed for user p13x
May 31 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4991]: Successful su for rubyman by root
May 31 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4991]: + ??? root:rubyman
May 31 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428275 of user rubyman.
May 31 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4991]: pam_unix(su:session): session closed for user rubyman
May 31 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428275.
May 31 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4918]: pam_unix(cron:session): session closed for user root
May 31 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2121]: pam_unix(cron:session): session closed for user root
May 31 08:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4915]: pam_unix(cron:session): session closed for user samftp
May 31 08:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
May 31 08:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5229]: Failed password for root from 89.223.69.22 port 53274 ssh2
May 31 08:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5229]: Connection closed by 89.223.69.22 port 53274 [preauth]
May 31 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4096]: pam_unix(cron:session): session closed for user root
May 31 08:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: Failed password for root from 202.133.90.219 port 49262 ssh2
May 31 08:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: Connection closed by 202.133.90.219 port 49262 [preauth]
May 31 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5345]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5346]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5343]: pam_unix(cron:session): session closed for user p13x
May 31 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5416]: Successful su for rubyman by root
May 31 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5416]: + ??? root:rubyman
May 31 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428277 of user rubyman.
May 31 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5416]: pam_unix(su:session): session closed for user rubyman
May 31 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428277.
May 31 08:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2665]: pam_unix(cron:session): session closed for user root
May 31 08:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5344]: pam_unix(cron:session): session closed for user samftp
May 31 08:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4499]: pam_unix(cron:session): session closed for user root
May 31 08:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5697]: Failed password for root from 202.133.90.219 port 48134 ssh2
May 31 08:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5697]: Connection closed by 202.133.90.219 port 48134 [preauth]
May 31 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5740]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5739]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5737]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5737]: pam_unix(cron:session): session closed for user p13x
May 31 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5795]: Successful su for rubyman by root
May 31 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5795]: + ??? root:rubyman
May 31 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428281 of user rubyman.
May 31 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5795]: pam_unix(su:session): session closed for user rubyman
May 31 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428281.
May 31 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3097]: pam_unix(cron:session): session closed for user root
May 31 08:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5738]: pam_unix(cron:session): session closed for user samftp
May 31 08:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4920]: pam_unix(cron:session): session closed for user root
May 31 08:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6064]: Received disconnect from 102.129.186.123 port 11046:11: disconnected by user [preauth]
May 31 08:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6064]: Disconnected from 102.129.186.123 port 11046 [preauth]
May 31 08:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: Failed password for root from 202.133.90.219 port 57344 ssh2
May 31 08:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: Connection closed by 202.133.90.219 port 57344 [preauth]
May 31 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6125]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6124]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6122]: pam_unix(cron:session): session closed for user p13x
May 31 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6185]: Successful su for rubyman by root
May 31 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6185]: + ??? root:rubyman
May 31 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428284 of user rubyman.
May 31 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6185]: pam_unix(su:session): session closed for user rubyman
May 31 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428284.
May 31 08:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3497]: pam_unix(cron:session): session closed for user root
May 31 08:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6123]: pam_unix(cron:session): session closed for user samftp
May 31 08:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5346]: pam_unix(cron:session): session closed for user root
May 31 08:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: Failed password for root from 202.133.90.219 port 60144 ssh2
May 31 08:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: Connection closed by 202.133.90.219 port 60144 [preauth]
May 31 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6513]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6514]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6511]: pam_unix(cron:session): session closed for user p13x
May 31 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6570]: Successful su for rubyman by root
May 31 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6570]: + ??? root:rubyman
May 31 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428289 of user rubyman.
May 31 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6570]: pam_unix(su:session): session closed for user rubyman
May 31 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428289.
May 31 08:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4095]: pam_unix(cron:session): session closed for user root
May 31 08:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6512]: pam_unix(cron:session): session closed for user samftp
May 31 08:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5740]: pam_unix(cron:session): session closed for user root
May 31 08:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Failed password for root from 202.133.90.219 port 37446 ssh2
May 31 08:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Connection closed by 202.133.90.219 port 37446 [preauth]
May 31 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6928]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6926]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6924]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6925]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6923]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6922]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6928]: pam_unix(cron:session): session closed for user root
May 31 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6922]: pam_unix(cron:session): session closed for user p13x
May 31 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7024]: Successful su for rubyman by root
May 31 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7024]: + ??? root:rubyman
May 31 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428293 of user rubyman.
May 31 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7024]: pam_unix(su:session): session closed for user rubyman
May 31 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428293.
May 31 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6924]: pam_unix(cron:session): session closed for user root
May 31 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4498]: pam_unix(cron:session): session closed for user root
May 31 08:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6923]: pam_unix(cron:session): session closed for user samftp
May 31 08:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6125]: pam_unix(cron:session): session closed for user root
May 31 08:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7384]: Failed password for root from 202.133.90.219 port 60966 ssh2
May 31 08:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7384]: Connection closed by 202.133.90.219 port 60966 [preauth]
May 31 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7446]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7445]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7443]: pam_unix(cron:session): session closed for user p13x
May 31 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7507]: Successful su for rubyman by root
May 31 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7507]: + ??? root:rubyman
May 31 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428299 of user rubyman.
May 31 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7507]: pam_unix(su:session): session closed for user rubyman
May 31 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428299.
May 31 08:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4919]: pam_unix(cron:session): session closed for user root
May 31 08:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7444]: pam_unix(cron:session): session closed for user samftp
May 31 08:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6514]: pam_unix(cron:session): session closed for user root
May 31 08:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7875]: Failed password for root from 202.133.90.219 port 54852 ssh2
May 31 08:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7875]: Connection closed by 202.133.90.219 port 54852 [preauth]
May 31 08:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: Invalid user git from 185.156.73.233
May 31 08:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: input_userauth_request: invalid user git [preauth]
May 31 08:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 08:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: Failed password for invalid user git from 185.156.73.233 port 48294 ssh2
May 31 08:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: Connection closed by 185.156.73.233 port 48294 [preauth]
May 31 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7935]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7936]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7933]: pam_unix(cron:session): session closed for user p13x
May 31 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7993]: Successful su for rubyman by root
May 31 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7993]: + ??? root:rubyman
May 31 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7993]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428303 of user rubyman.
May 31 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7993]: pam_unix(su:session): session closed for user rubyman
May 31 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428303.
May 31 08:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5345]: pam_unix(cron:session): session closed for user root
May 31 08:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7934]: pam_unix(cron:session): session closed for user samftp
May 31 08:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6926]: pam_unix(cron:session): session closed for user root
May 31 08:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8244]: Failed password for root from 202.133.90.219 port 58672 ssh2
May 31 08:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8244]: Connection closed by 202.133.90.219 port 58672 [preauth]
May 31 08:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.173.227.57  user=root
May 31 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8330]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8331]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8328]: pam_unix(cron:session): session closed for user p13x
May 31 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8390]: Successful su for rubyman by root
May 31 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8390]: + ??? root:rubyman
May 31 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428306 of user rubyman.
May 31 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8390]: pam_unix(su:session): session closed for user rubyman
May 31 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428306.
May 31 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: Failed password for root from 103.173.227.57 port 51160 ssh2
May 31 08:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: Connection closed by 103.173.227.57 port 51160 [preauth]
May 31 08:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5739]: pam_unix(cron:session): session closed for user root
May 31 08:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8329]: pam_unix(cron:session): session closed for user samftp
May 31 08:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7446]: pam_unix(cron:session): session closed for user root
May 31 08:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: Failed password for root from 202.133.90.219 port 40846 ssh2
May 31 08:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: Connection closed by 202.133.90.219 port 40846 [preauth]
May 31 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8724]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8725]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8720]: pam_unix(cron:session): session closed for user p13x
May 31 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8783]: Successful su for rubyman by root
May 31 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8783]: + ??? root:rubyman
May 31 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428310 of user rubyman.
May 31 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8783]: pam_unix(su:session): session closed for user rubyman
May 31 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428310.
May 31 08:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6124]: pam_unix(cron:session): session closed for user root
May 31 08:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8723]: pam_unix(cron:session): session closed for user samftp
May 31 08:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7936]: pam_unix(cron:session): session closed for user root
May 31 08:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: Failed password for root from 202.133.90.219 port 50540 ssh2
May 31 08:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: Connection closed by 202.133.90.219 port 50540 [preauth]
May 31 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9129]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9130]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9128]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9131]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9131]: pam_unix(cron:session): session closed for user root
May 31 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9126]: pam_unix(cron:session): session closed for user p13x
May 31 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9196]: Successful su for rubyman by root
May 31 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9196]: + ??? root:rubyman
May 31 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428315 of user rubyman.
May 31 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9196]: pam_unix(su:session): session closed for user rubyman
May 31 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428315.
May 31 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9128]: pam_unix(cron:session): session closed for user root
May 31 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6513]: pam_unix(cron:session): session closed for user root
May 31 08:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9127]: pam_unix(cron:session): session closed for user samftp
May 31 08:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 08:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: Received disconnect from 45.43.45.254 port 42188:11: disconnected by user [preauth]
May 31 08:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: Disconnected from 45.43.45.254 port 42188 [preauth]
May 31 08:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8331]: pam_unix(cron:session): session closed for user root
May 31 08:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9475]: Failed password for root from 202.133.90.219 port 55998 ssh2
May 31 08:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9475]: Connection closed by 202.133.90.219 port 55998 [preauth]
May 31 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9546]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9545]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9543]: pam_unix(cron:session): session closed for user p13x
May 31 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9613]: Successful su for rubyman by root
May 31 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9613]: + ??? root:rubyman
May 31 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428320 of user rubyman.
May 31 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9613]: pam_unix(su:session): session closed for user rubyman
May 31 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428320.
May 31 08:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: Invalid user dev from 168.220.237.171
May 31 08:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: input_userauth_request: invalid user dev [preauth]
May 31 08:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6925]: pam_unix(cron:session): session closed for user root
May 31 08:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: pam_unix(sshd:auth): check pass; user unknown
May 31 08:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.220.237.171
May 31 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: Failed password for invalid user dev from 168.220.237.171 port 32868 ssh2
May 31 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9544]: pam_unix(cron:session): session closed for user samftp
May 31 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: Connection closed by 168.220.237.171 port 32868 [preauth]
May 31 08:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8725]: pam_unix(cron:session): session closed for user root
May 31 08:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9883]: Failed password for root from 202.133.90.219 port 45478 ssh2
May 31 08:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9883]: Connection closed by 202.133.90.219 port 45478 [preauth]
May 31 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10126]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10125]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10123]: pam_unix(cron:session): session closed for user p13x
May 31 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10188]: Successful su for rubyman by root
May 31 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10188]: + ??? root:rubyman
May 31 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428325 of user rubyman.
May 31 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10188]: pam_unix(su:session): session closed for user rubyman
May 31 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428325.
May 31 08:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7445]: pam_unix(cron:session): session closed for user root
May 31 08:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10124]: pam_unix(cron:session): session closed for user samftp
May 31 08:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
May 31 08:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10471]: Failed password for root from 193.37.70.224 port 39328 ssh2
May 31 08:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10471]: Connection closed by 193.37.70.224 port 39328 [preauth]
May 31 08:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
May 31 08:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: Failed password for root from 103.82.132.16 port 46866 ssh2
May 31 08:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: Connection closed by 103.82.132.16 port 46866 [preauth]
May 31 08:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9130]: pam_unix(cron:session): session closed for user root
May 31 08:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10537]: Failed password for root from 202.133.90.219 port 35812 ssh2
May 31 08:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10537]: Connection closed by 202.133.90.219 port 35812 [preauth]
May 31 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10633]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10634]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10631]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10631]: pam_unix(cron:session): session closed for user p13x
May 31 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10698]: Successful su for rubyman by root
May 31 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10698]: + ??? root:rubyman
May 31 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428328 of user rubyman.
May 31 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10698]: pam_unix(su:session): session closed for user rubyman
May 31 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428328.
May 31 08:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7935]: pam_unix(cron:session): session closed for user root
May 31 08:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10632]: pam_unix(cron:session): session closed for user samftp
May 31 08:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9546]: pam_unix(cron:session): session closed for user root
May 31 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10958]: Failed password for root from 202.133.90.219 port 53244 ssh2
May 31 08:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10958]: Connection closed by 202.133.90.219 port 53244 [preauth]
May 31 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11052]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11053]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11049]: pam_unix(cron:session): session closed for user p13x
May 31 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11113]: Successful su for rubyman by root
May 31 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11113]: + ??? root:rubyman
May 31 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428332 of user rubyman.
May 31 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11113]: pam_unix(su:session): session closed for user rubyman
May 31 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428332.
May 31 08:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8330]: pam_unix(cron:session): session closed for user root
May 31 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11050]: pam_unix(cron:session): session closed for user samftp
May 31 08:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 08:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 08:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: Failed password for root from 202.133.90.219 port 38678 ssh2
May 31 08:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: Connection closed by 202.133.90.219 port 38678 [preauth]
May 31 08:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10126]: pam_unix(cron:session): session closed for user root
May 31 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11470]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11472]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11467]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11471]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11466]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11472]: pam_unix(cron:session): session closed for user root
May 31 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11466]: pam_unix(cron:session): session closed for user root
May 31 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11464]: pam_unix(cron:session): session closed for user p13x
May 31 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11566]: Successful su for rubyman by root
May 31 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11566]: + ??? root:rubyman
May 31 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428341 of user rubyman.
May 31 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11566]: pam_unix(su:session): session closed for user rubyman
May 31 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428341.
May 31 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11467]: pam_unix(cron:session): session closed for user root
May 31 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8724]: pam_unix(cron:session): session closed for user root
May 31 09:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11465]: pam_unix(cron:session): session closed for user samftp
May 31 09:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11847]: Failed password for root from 202.133.90.219 port 58390 ssh2
May 31 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11847]: Connection closed by 202.133.90.219 port 58390 [preauth]
May 31 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10634]: pam_unix(cron:session): session closed for user root
May 31 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12033]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12034]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12031]: pam_unix(cron:session): session closed for user p13x
May 31 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12095]: Successful su for rubyman by root
May 31 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12095]: + ??? root:rubyman
May 31 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428345 of user rubyman.
May 31 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12095]: pam_unix(su:session): session closed for user rubyman
May 31 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428345.
May 31 09:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9129]: pam_unix(cron:session): session closed for user root
May 31 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12032]: pam_unix(cron:session): session closed for user samftp
May 31 09:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
May 31 09:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: Failed password for root from 103.27.238.114 port 39830 ssh2
May 31 09:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: Connection closed by 103.27.238.114 port 39830 [preauth]
May 31 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: Failed password for root from 202.133.90.219 port 44500 ssh2
May 31 09:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: Connection closed by 202.133.90.219 port 44500 [preauth]
May 31 09:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11053]: pam_unix(cron:session): session closed for user root
May 31 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12556]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12557]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12554]: pam_unix(cron:session): session closed for user p13x
May 31 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12618]: Successful su for rubyman by root
May 31 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12618]: + ??? root:rubyman
May 31 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12618]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428348 of user rubyman.
May 31 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12618]: pam_unix(su:session): session closed for user rubyman
May 31 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428348.
May 31 09:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9545]: pam_unix(cron:session): session closed for user root
May 31 09:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12555]: pam_unix(cron:session): session closed for user samftp
May 31 09:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12843]: Failed password for root from 202.133.90.219 port 58610 ssh2
May 31 09:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12843]: Connection closed by 202.133.90.219 port 58610 [preauth]
May 31 09:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11471]: pam_unix(cron:session): session closed for user root
May 31 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12970]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12969]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12967]: pam_unix(cron:session): session closed for user p13x
May 31 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13034]: Successful su for rubyman by root
May 31 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13034]: + ??? root:rubyman
May 31 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428351 of user rubyman.
May 31 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13034]: pam_unix(su:session): session closed for user rubyman
May 31 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428351.
May 31 09:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10125]: pam_unix(cron:session): session closed for user root
May 31 09:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12968]: pam_unix(cron:session): session closed for user samftp
May 31 09:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: Failed password for root from 202.133.90.219 port 42006 ssh2
May 31 09:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: Connection closed by 202.133.90.219 port 42006 [preauth]
May 31 09:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12034]: pam_unix(cron:session): session closed for user root
May 31 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13382]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13380]: pam_unix(cron:session): session closed for user p13x
May 31 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13440]: Successful su for rubyman by root
May 31 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13440]: + ??? root:rubyman
May 31 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428355 of user rubyman.
May 31 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13440]: pam_unix(su:session): session closed for user rubyman
May 31 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428355.
May 31 09:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10633]: pam_unix(cron:session): session closed for user root
May 31 09:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13381]: pam_unix(cron:session): session closed for user samftp
May 31 09:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Failed password for root from 202.133.90.219 port 35850 ssh2
May 31 09:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Connection closed by 202.133.90.219 port 35850 [preauth]
May 31 09:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12557]: pam_unix(cron:session): session closed for user root
May 31 09:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May 31 09:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13759]: Failed password for root from 80.94.95.115 port 21138 ssh2
May 31 09:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13759]: Connection closed by 80.94.95.115 port 21138 [preauth]
May 31 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13777]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13774]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13775]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13771]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13776]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13777]: pam_unix(cron:session): session closed for user root
May 31 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13771]: pam_unix(cron:session): session closed for user p13x
May 31 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13839]: Successful su for rubyman by root
May 31 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13839]: + ??? root:rubyman
May 31 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428364 of user rubyman.
May 31 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13839]: pam_unix(su:session): session closed for user rubyman
May 31 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428364.
May 31 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13774]: pam_unix(cron:session): session closed for user root
May 31 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11052]: pam_unix(cron:session): session closed for user root
May 31 09:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13773]: pam_unix(cron:session): session closed for user samftp
May 31 09:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.82.76.2  user=root
May 31 09:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14077]: Failed password for root from 170.82.76.2 port 35247 ssh2
May 31 09:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14077]: Connection closed by 170.82.76.2 port 35247 [preauth]
May 31 09:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14076]: Failed password for root from 202.133.90.219 port 53316 ssh2
May 31 09:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14076]: Connection closed by 202.133.90.219 port 53316 [preauth]
May 31 09:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12970]: pam_unix(cron:session): session closed for user root
May 31 09:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14197]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14198]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session closed for user p13x
May 31 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
May 31 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
May 31 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14262]: Successful su for rubyman by root
May 31 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14262]: + ??? root:rubyman
May 31 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428366 of user rubyman.
May 31 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14262]: pam_unix(su:session): session closed for user rubyman
May 31 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428366.
May 31 09:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: Failed password for root from 103.27.238.120 port 38910 ssh2
May 31 09:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: Connection closed by 103.27.238.120 port 38910 [preauth]
May 31 09:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14192]: Failed password for root from 103.27.238.116 port 54968 ssh2
May 31 09:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14192]: Connection closed by 103.27.238.116 port 54968 [preauth]
May 31 09:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11470]: pam_unix(cron:session): session closed for user root
May 31 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session closed for user samftp
May 31 09:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
May 31 09:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: Failed password for root from 147.45.199.80 port 43598 ssh2
May 31 09:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: Connection closed by 147.45.199.80 port 43598 [preauth]
May 31 09:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: Failed password for root from 202.133.90.219 port 50226 ssh2
May 31 09:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: Connection closed by 202.133.90.219 port 50226 [preauth]
May 31 09:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session closed for user root
May 31 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14596]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14595]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14593]: pam_unix(cron:session): session closed for user p13x
May 31 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14698]: Successful su for rubyman by root
May 31 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14698]: + ??? root:rubyman
May 31 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428369 of user rubyman.
May 31 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14698]: pam_unix(su:session): session closed for user rubyman
May 31 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428369.
May 31 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12033]: pam_unix(cron:session): session closed for user root
May 31 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14594]: pam_unix(cron:session): session closed for user samftp
May 31 09:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
May 31 09:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: Failed password for root from 202.133.90.219 port 44564 ssh2
May 31 09:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: Connection closed by 202.133.90.219 port 44564 [preauth]
May 31 09:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: Failed password for root from 109.237.96.109 port 59882 ssh2
May 31 09:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: Connection closed by 109.237.96.109 port 59882 [preauth]
May 31 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13776]: pam_unix(cron:session): session closed for user root
May 31 09:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: Received disconnect from 172.93.102.236 port 21418:11: disconnected by user [preauth]
May 31 09:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: Disconnected from 172.93.102.236 port 21418 [preauth]
May 31 09:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
May 31 09:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15060]: Failed password for root from 103.82.20.28 port 42552 ssh2
May 31 09:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15060]: Connection closed by 103.82.20.28 port 42552 [preauth]
May 31 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15082]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15083]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15080]: pam_unix(cron:session): session closed for user p13x
May 31 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15148]: Successful su for rubyman by root
May 31 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15148]: + ??? root:rubyman
May 31 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428374 of user rubyman.
May 31 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15148]: pam_unix(su:session): session closed for user rubyman
May 31 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428374.
May 31 09:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12556]: pam_unix(cron:session): session closed for user root
May 31 09:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15081]: pam_unix(cron:session): session closed for user samftp
May 31 09:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: Failed password for root from 202.133.90.219 port 51958 ssh2
May 31 09:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: Connection closed by 202.133.90.219 port 51958 [preauth]
May 31 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14198]: pam_unix(cron:session): session closed for user root
May 31 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.197.250  user=root
May 31 09:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: Failed password for root from 147.45.197.250 port 51714 ssh2
May 31 09:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: Connection closed by 147.45.197.250 port 51714 [preauth]
May 31 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15484]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15485]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15480]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15482]: pam_unix(cron:session): session closed for user p13x
May 31 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15597]: Successful su for rubyman by root
May 31 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15597]: + ??? root:rubyman
May 31 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428380 of user rubyman.
May 31 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15597]: pam_unix(su:session): session closed for user rubyman
May 31 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428380.
May 31 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15480]: pam_unix(cron:session): session closed for user root
May 31 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12969]: pam_unix(cron:session): session closed for user root
May 31 09:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15483]: pam_unix(cron:session): session closed for user samftp
May 31 09:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.98.239  user=root
May 31 09:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15809]: Failed password for root from 94.159.98.239 port 50558 ssh2
May 31 09:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15809]: Connection closed by 94.159.98.239 port 50558 [preauth]
May 31 09:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14596]: pam_unix(cron:session): session closed for user root
May 31 09:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: Failed password for root from 202.133.90.219 port 50666 ssh2
May 31 09:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: Connection closed by 202.133.90.219 port 50666 [preauth]
May 31 09:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.22.41  user=root
May 31 09:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: Failed password for root from 185.236.22.41 port 35142 ssh2
May 31 09:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: Connection closed by 185.236.22.41 port 35142 [preauth]
May 31 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15961]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15959]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15960]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15958]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15961]: pam_unix(cron:session): session closed for user root
May 31 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session closed for user p13x
May 31 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16021]: Successful su for rubyman by root
May 31 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16021]: + ??? root:rubyman
May 31 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428384 of user rubyman.
May 31 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16021]: pam_unix(su:session): session closed for user rubyman
May 31 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428384.
May 31 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15958]: pam_unix(cron:session): session closed for user root
May 31 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13382]: pam_unix(cron:session): session closed for user root
May 31 09:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15957]: pam_unix(cron:session): session closed for user samftp
May 31 09:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15083]: pam_unix(cron:session): session closed for user root
May 31 09:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: Failed password for root from 202.133.90.219 port 37246 ssh2
May 31 09:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: Connection closed by 202.133.90.219 port 37246 [preauth]
May 31 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16370]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16371]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16368]: pam_unix(cron:session): session closed for user p13x
May 31 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16436]: Successful su for rubyman by root
May 31 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16436]: + ??? root:rubyman
May 31 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428389 of user rubyman.
May 31 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16436]: pam_unix(su:session): session closed for user rubyman
May 31 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428389.
May 31 09:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13775]: pam_unix(cron:session): session closed for user root
May 31 09:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16369]: pam_unix(cron:session): session closed for user samftp
May 31 09:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15485]: pam_unix(cron:session): session closed for user root
May 31 09:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Failed password for root from 202.133.90.219 port 44198 ssh2
May 31 09:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Connection closed by 202.133.90.219 port 44198 [preauth]
May 31 09:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
May 31 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16774]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16775]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16772]: pam_unix(cron:session): session closed for user p13x
May 31 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16831]: Successful su for rubyman by root
May 31 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16831]: + ??? root:rubyman
May 31 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428392 of user rubyman.
May 31 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16831]: pam_unix(su:session): session closed for user rubyman
May 31 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428392.
May 31 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16760]: Failed password for root from 103.77.175.15 port 37202 ssh2
May 31 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16760]: Connection closed by 103.77.175.15 port 37202 [preauth]
May 31 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14197]: pam_unix(cron:session): session closed for user root
May 31 09:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16773]: pam_unix(cron:session): session closed for user samftp
May 31 09:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
May 31 09:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15960]: pam_unix(cron:session): session closed for user root
May 31 09:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: Failed password for root from 103.153.68.219 port 59188 ssh2
May 31 09:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: Connection closed by 103.153.68.219 port 59188 [preauth]
May 31 09:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17103]: Failed password for root from 202.133.90.219 port 42510 ssh2
May 31 09:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17103]: Connection closed by 202.133.90.219 port 42510 [preauth]
May 31 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17162]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17161]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17159]: pam_unix(cron:session): session closed for user p13x
May 31 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17216]: Successful su for rubyman by root
May 31 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17216]: + ??? root:rubyman
May 31 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428397 of user rubyman.
May 31 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17216]: pam_unix(su:session): session closed for user rubyman
May 31 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428397.
May 31 09:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14595]: pam_unix(cron:session): session closed for user root
May 31 09:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17160]: pam_unix(cron:session): session closed for user samftp
May 31 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16371]: pam_unix(cron:session): session closed for user root
May 31 09:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Failed password for root from 202.133.90.219 port 46106 ssh2
May 31 09:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Connection closed by 202.133.90.219 port 46106 [preauth]
May 31 09:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: Connection reset by 147.185.132.69 port 64872 [preauth]
May 31 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17561]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17562]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17559]: pam_unix(cron:session): session closed for user p13x
May 31 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17618]: Successful su for rubyman by root
May 31 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17618]: + ??? root:rubyman
May 31 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17618]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428400 of user rubyman.
May 31 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17618]: pam_unix(su:session): session closed for user rubyman
May 31 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428400.
May 31 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15082]: pam_unix(cron:session): session closed for user root
May 31 09:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17560]: pam_unix(cron:session): session closed for user samftp
May 31 09:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16775]: pam_unix(cron:session): session closed for user root
May 31 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: Failed password for root from 202.133.90.219 port 37168 ssh2
May 31 09:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: Connection closed by 202.133.90.219 port 37168 [preauth]
May 31 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18061]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18060]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18058]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18059]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18061]: pam_unix(cron:session): session closed for user root
May 31 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18053]: pam_unix(cron:session): session closed for user p13x
May 31 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18122]: Successful su for rubyman by root
May 31 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18122]: + ??? root:rubyman
May 31 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428406 of user rubyman.
May 31 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18122]: pam_unix(su:session): session closed for user rubyman
May 31 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428406.
May 31 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18058]: pam_unix(cron:session): session closed for user root
May 31 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15484]: pam_unix(cron:session): session closed for user root
May 31 09:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18054]: pam_unix(cron:session): session closed for user samftp
May 31 09:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.228.128.84  user=root
May 31 09:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18341]: Failed password for root from 193.228.128.84 port 59716 ssh2
May 31 09:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18341]: Connection closed by 193.228.128.84 port 59716 [preauth]
May 31 09:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17162]: pam_unix(cron:session): session closed for user root
May 31 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: Invalid user ubnt from 185.156.73.233
May 31 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: input_userauth_request: invalid user ubnt [preauth]
May 31 09:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 09:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: Failed password for invalid user ubnt from 185.156.73.233 port 28696 ssh2
May 31 09:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: Connection closed by 185.156.73.233 port 28696 [preauth]
May 31 09:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18519]: Failed password for root from 202.133.90.219 port 50360 ssh2
May 31 09:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18519]: Connection closed by 202.133.90.219 port 50360 [preauth]
May 31 09:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 09:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18570]: Failed password for root from 38.93.206.2 port 50274 ssh2
May 31 09:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18570]: Connection closed by 38.93.206.2 port 50274 [preauth]
May 31 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18583]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18584]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18581]: pam_unix(cron:session): session closed for user p13x
May 31 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18652]: Successful su for rubyman by root
May 31 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18652]: + ??? root:rubyman
May 31 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428412 of user rubyman.
May 31 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18652]: pam_unix(su:session): session closed for user rubyman
May 31 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428412.
May 31 09:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15959]: pam_unix(cron:session): session closed for user root
May 31 09:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18582]: pam_unix(cron:session): session closed for user samftp
May 31 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17562]: pam_unix(cron:session): session closed for user root
May 31 09:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: Failed password for root from 202.133.90.219 port 43312 ssh2
May 31 09:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: Connection closed by 202.133.90.219 port 43312 [preauth]
May 31 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19018]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19019]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19014]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19014]: pam_unix(cron:session): session closed for user root
May 31 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19016]: pam_unix(cron:session): session closed for user p13x
May 31 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19076]: Successful su for rubyman by root
May 31 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19076]: + ??? root:rubyman
May 31 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428414 of user rubyman.
May 31 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19076]: pam_unix(su:session): session closed for user rubyman
May 31 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428414.
May 31 09:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16370]: pam_unix(cron:session): session closed for user root
May 31 09:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19017]: pam_unix(cron:session): session closed for user samftp
May 31 09:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18060]: pam_unix(cron:session): session closed for user root
May 31 09:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19458]: Failed password for root from 202.133.90.219 port 41224 ssh2
May 31 09:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19458]: Connection closed by 202.133.90.219 port 41224 [preauth]
May 31 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19706]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19705]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19616]: pam_unix(cron:session): session closed for user p13x
May 31 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19768]: Successful su for rubyman by root
May 31 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19768]: + ??? root:rubyman
May 31 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428419 of user rubyman.
May 31 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19768]: pam_unix(su:session): session closed for user rubyman
May 31 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428419.
May 31 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16774]: pam_unix(cron:session): session closed for user root
May 31 09:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19617]: pam_unix(cron:session): session closed for user samftp
May 31 09:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18584]: pam_unix(cron:session): session closed for user root
May 31 09:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20060]: Failed password for root from 202.133.90.219 port 46618 ssh2
May 31 09:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20060]: Connection closed by 202.133.90.219 port 46618 [preauth]
May 31 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20113]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20114]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20110]: pam_unix(cron:session): session closed for user p13x
May 31 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20272]: Successful su for rubyman by root
May 31 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20272]: + ??? root:rubyman
May 31 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20272]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428423 of user rubyman.
May 31 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20272]: pam_unix(su:session): session closed for user rubyman
May 31 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428423.
May 31 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17161]: pam_unix(cron:session): session closed for user root
May 31 09:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20112]: pam_unix(cron:session): session closed for user samftp
May 31 09:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19019]: pam_unix(cron:session): session closed for user root
May 31 09:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: Failed password for root from 202.133.90.219 port 58686 ssh2
May 31 09:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: Connection closed by 202.133.90.219 port 58686 [preauth]
May 31 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: Invalid user isreal from 213.209.159.56
May 31 09:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: input_userauth_request: invalid user isreal [preauth]
May 31 09:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 09:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: Failed password for invalid user isreal from 213.209.159.56 port 10472 ssh2
May 31 09:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: Failed password for invalid user isreal from 213.209.159.56 port 10472 ssh2
May 31 09:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: Failed password for invalid user isreal from 213.209.159.56 port 10472 ssh2
May 31 09:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: Failed password for invalid user isreal from 213.209.159.56 port 10472 ssh2
May 31 09:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: Failed password for invalid user isreal from 213.209.159.56 port 10472 ssh2
May 31 09:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: Received disconnect from 213.209.159.56 port 10472:11: Bye [preauth]
May 31 09:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: Disconnected from 213.209.159.56 port 10472 [preauth]
May 31 09:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 09:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20636]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20635]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20633]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20634]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20636]: pam_unix(cron:session): session closed for user root
May 31 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20629]: pam_unix(cron:session): session closed for user p13x
May 31 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20783]: Successful su for rubyman by root
May 31 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20783]: + ??? root:rubyman
May 31 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428428 of user rubyman.
May 31 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20783]: pam_unix(su:session): session closed for user rubyman
May 31 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428428.
May 31 09:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20633]: pam_unix(cron:session): session closed for user root
May 31 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17561]: pam_unix(cron:session): session closed for user root
May 31 09:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20632]: pam_unix(cron:session): session closed for user samftp
May 31 09:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19706]: pam_unix(cron:session): session closed for user root
May 31 09:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: Failed password for root from 202.133.90.219 port 34528 ssh2
May 31 09:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: Connection closed by 202.133.90.219 port 34528 [preauth]
May 31 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21149]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21150]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21147]: pam_unix(cron:session): session closed for user p13x
May 31 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21218]: Successful su for rubyman by root
May 31 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21218]: + ??? root:rubyman
May 31 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428433 of user rubyman.
May 31 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21218]: pam_unix(su:session): session closed for user rubyman
May 31 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428433.
May 31 09:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18059]: pam_unix(cron:session): session closed for user root
May 31 09:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21148]: pam_unix(cron:session): session closed for user samftp
May 31 09:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.61.3.162  user=root
May 31 09:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: Failed password for root from 194.61.3.162 port 62306 ssh2
May 31 09:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: Received disconnect from 194.61.3.162 port 62306:11: Bye Bye [preauth]
May 31 09:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: Disconnected from 194.61.3.162 port 62306 [preauth]
May 31 09:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20114]: pam_unix(cron:session): session closed for user root
May 31 09:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21478]: Invalid user public from 202.133.90.219
May 31 09:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21478]: input_userauth_request: invalid user public [preauth]
May 31 09:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21478]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21478]: Failed password for invalid user public from 202.133.90.219 port 45586 ssh2
May 31 09:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21478]: Connection closed by 202.133.90.219 port 45586 [preauth]
May 31 09:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.63.178  user=root
May 31 09:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21539]: Failed password for root from 62.133.63.178 port 35724 ssh2
May 31 09:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21539]: Connection closed by 62.133.63.178 port 35724 [preauth]
May 31 09:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
May 31 09:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21564]: Failed password for root from 37.233.85.71 port 56404 ssh2
May 31 09:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21564]: Connection closed by 37.233.85.71 port 56404 [preauth]
May 31 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21580]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21581]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21577]: pam_unix(cron:session): session closed for user p13x
May 31 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21644]: Successful su for rubyman by root
May 31 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21644]: + ??? root:rubyman
May 31 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428437 of user rubyman.
May 31 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21644]: pam_unix(su:session): session closed for user rubyman
May 31 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428437.
May 31 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18583]: pam_unix(cron:session): session closed for user root
May 31 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21579]: pam_unix(cron:session): session closed for user samftp
May 31 09:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21856]: Received disconnect from 186.190.215.90 port 53660:11: disconnected by user [preauth]
May 31 09:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21856]: Disconnected from 186.190.215.90 port 53660 [preauth]
May 31 09:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21868]: Did not receive identification string from 80.94.92.182
May 31 09:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: Invalid user public from 202.133.90.219
May 31 09:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: input_userauth_request: invalid user public [preauth]
May 31 09:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20635]: pam_unix(cron:session): session closed for user root
May 31 09:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: Failed password for invalid user public from 202.133.90.219 port 40924 ssh2
May 31 09:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: Connection closed by 202.133.90.219 port 40924 [preauth]
May 31 09:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21933]: Received disconnect from 94.250.61.10 port 51510:11: disconnected by user [preauth]
May 31 09:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21933]: Disconnected from 94.250.61.10 port 51510 [preauth]
May 31 09:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21943]: Received disconnect from 103.75.71.22 port 35242:11: disconnected by user [preauth]
May 31 09:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21943]: Disconnected from 103.75.71.22 port 35242 [preauth]
May 31 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21995]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21994]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21992]: pam_unix(cron:session): session closed for user p13x
May 31 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22049]: Successful su for rubyman by root
May 31 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22049]: + ??? root:rubyman
May 31 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22049]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428442 of user rubyman.
May 31 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22049]: pam_unix(su:session): session closed for user rubyman
May 31 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428442.
May 31 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19018]: pam_unix(cron:session): session closed for user root
May 31 09:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21993]: pam_unix(cron:session): session closed for user samftp
May 31 09:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
May 31 09:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22264]: Failed password for root from 46.19.67.181 port 53148 ssh2
May 31 09:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22264]: Connection closed by 46.19.67.181 port 53148 [preauth]
May 31 09:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: Invalid user prueba from 202.133.90.219
May 31 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: input_userauth_request: invalid user prueba [preauth]
May 31 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: Failed password for invalid user prueba from 202.133.90.219 port 53566 ssh2
May 31 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21150]: pam_unix(cron:session): session closed for user root
May 31 09:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: Connection closed by 202.133.90.219 port 53566 [preauth]
May 31 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22390]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22391]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22388]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22389]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22388]: pam_unix(cron:session): session closed for user p13x
May 31 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22446]: Successful su for rubyman by root
May 31 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22446]: + ??? root:rubyman
May 31 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428445 of user rubyman.
May 31 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22446]: pam_unix(su:session): session closed for user rubyman
May 31 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428445.
May 31 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19705]: pam_unix(cron:session): session closed for user root
May 31 09:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22389]: pam_unix(cron:session): session closed for user samftp
May 31 09:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22684]: Invalid user oracle from 202.133.90.219
May 31 09:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22684]: input_userauth_request: invalid user oracle [preauth]
May 31 09:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22684]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22684]: Failed password for invalid user oracle from 202.133.90.219 port 50268 ssh2
May 31 09:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21581]: pam_unix(cron:session): session closed for user root
May 31 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22684]: Connection closed by 202.133.90.219 port 50268 [preauth]
May 31 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22779]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22781]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22782]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22778]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22782]: pam_unix(cron:session): session closed for user root
May 31 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22776]: pam_unix(cron:session): session closed for user p13x
May 31 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22851]: Successful su for rubyman by root
May 31 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22851]: + ??? root:rubyman
May 31 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428449 of user rubyman.
May 31 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22851]: pam_unix(su:session): session closed for user rubyman
May 31 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428449.
May 31 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.82.76.2  user=root
May 31 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22778]: pam_unix(cron:session): session closed for user root
May 31 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20113]: pam_unix(cron:session): session closed for user root
May 31 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: Failed password for root from 170.82.76.2 port 37646 ssh2
May 31 09:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: Connection closed by 170.82.76.2 port 37646 [preauth]
May 31 09:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22777]: pam_unix(cron:session): session closed for user samftp
May 31 09:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23087]: Invalid user oracle from 202.133.90.219
May 31 09:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23087]: input_userauth_request: invalid user oracle [preauth]
May 31 09:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23087]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23087]: Failed password for invalid user oracle from 202.133.90.219 port 35340 ssh2
May 31 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23087]: Connection closed by 202.133.90.219 port 35340 [preauth]
May 31 09:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21995]: pam_unix(cron:session): session closed for user root
May 31 09:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23144]: Received disconnect from 62.210.189.225 port 39860:11: disconnected by user [preauth]
May 31 09:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23144]: Disconnected from 62.210.189.225 port 39860 [preauth]
May 31 09:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23153]: Received disconnect from 45.148.147.191 port 12956:11: disconnected by user [preauth]
May 31 09:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23153]: Disconnected from 45.148.147.191 port 12956 [preauth]
May 31 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23196]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23197]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23194]: pam_unix(cron:session): session closed for user p13x
May 31 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23269]: Successful su for rubyman by root
May 31 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23269]: + ??? root:rubyman
May 31 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428455 of user rubyman.
May 31 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23269]: pam_unix(su:session): session closed for user rubyman
May 31 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428455.
May 31 09:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20634]: pam_unix(cron:session): session closed for user root
May 31 09:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23195]: pam_unix(cron:session): session closed for user samftp
May 31 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: Invalid user admin from 80.94.95.115
May 31 09:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: input_userauth_request: invalid user admin [preauth]
May 31 09:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: Received disconnect from 192.250.227.24 port 55554:11: disconnected by user [preauth]
May 31 09:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: Disconnected from 192.250.227.24 port 55554 [preauth]
May 31 09:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May 31 09:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: Failed password for invalid user admin from 80.94.95.115 port 36872 ssh2
May 31 09:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: Connection closed by 80.94.95.115 port 36872 [preauth]
May 31 09:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23507]: Received disconnect from 188.44.20.30 port 37262:11: disconnected by user [preauth]
May 31 09:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23507]: Disconnected from 188.44.20.30 port 37262 [preauth]
May 31 09:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: Invalid user O from 202.133.90.219
May 31 09:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: input_userauth_request: invalid user O [preauth]
May 31 09:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: Failed password for invalid user O from 202.133.90.219 port 44912 ssh2
May 31 09:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: Connection closed by 202.133.90.219 port 44912 [preauth]
May 31 09:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: Invalid user ftpdata from 194.61.3.162
May 31 09:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: input_userauth_request: invalid user ftpdata [preauth]
May 31 09:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.61.3.162
May 31 09:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22391]: pam_unix(cron:session): session closed for user root
May 31 09:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: Failed password for invalid user ftpdata from 194.61.3.162 port 8124 ssh2
May 31 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: Received disconnect from 194.61.3.162 port 8124:11: Bye Bye [preauth]
May 31 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: Disconnected from 194.61.3.162 port 8124 [preauth]
May 31 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23627]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23628]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23625]: pam_unix(cron:session): session closed for user p13x
May 31 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23694]: Successful su for rubyman by root
May 31 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23694]: + ??? root:rubyman
May 31 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428459 of user rubyman.
May 31 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23694]: pam_unix(su:session): session closed for user rubyman
May 31 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428459.
May 31 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21149]: pam_unix(cron:session): session closed for user root
May 31 09:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23626]: pam_unix(cron:session): session closed for user samftp
May 31 09:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
May 31 09:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24007]: Failed password for root from 103.122.221.179 port 40486 ssh2
May 31 09:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24007]: Connection closed by 103.122.221.179 port 40486 [preauth]
May 31 09:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24026]: Invalid user mit from 202.133.90.219
May 31 09:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24026]: input_userauth_request: invalid user mit [preauth]
May 31 09:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24026]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24026]: Failed password for invalid user mit from 202.133.90.219 port 43460 ssh2
May 31 09:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24026]: Connection closed by 202.133.90.219 port 43460 [preauth]
May 31 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22781]: pam_unix(cron:session): session closed for user root
May 31 09:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: Received disconnect from 62.182.85.212 port 36358:11: disconnected by user [preauth]
May 31 09:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: Disconnected from 62.182.85.212 port 36358 [preauth]
May 31 09:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24128]: Invalid user dietpi from 194.61.3.162
May 31 09:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24128]: input_userauth_request: invalid user dietpi [preauth]
May 31 09:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24128]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.61.3.162
May 31 09:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24128]: Failed password for invalid user dietpi from 194.61.3.162 port 32334 ssh2
May 31 09:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24128]: Received disconnect from 194.61.3.162 port 32334:11: Bye Bye [preauth]
May 31 09:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24128]: Disconnected from 194.61.3.162 port 32334 [preauth]
May 31 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24143]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24142]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24140]: pam_unix(cron:session): session closed for user p13x
May 31 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24202]: Successful su for rubyman by root
May 31 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24202]: + ??? root:rubyman
May 31 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428463 of user rubyman.
May 31 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24202]: pam_unix(su:session): session closed for user rubyman
May 31 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428463.
May 31 09:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21580]: pam_unix(cron:session): session closed for user root
May 31 09:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24141]: pam_unix(cron:session): session closed for user samftp
May 31 09:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
May 31 09:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24426]: Failed password for root from 103.176.20.57 port 33666 ssh2
May 31 09:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24426]: Connection closed by 103.176.20.57 port 33666 [preauth]
May 31 09:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24448]: Invalid user martin from 202.133.90.219
May 31 09:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24448]: input_userauth_request: invalid user martin [preauth]
May 31 09:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24448]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24448]: Failed password for invalid user martin from 202.133.90.219 port 44910 ssh2
May 31 09:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24448]: Connection closed by 202.133.90.219 port 44910 [preauth]
May 31 09:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23197]: pam_unix(cron:session): session closed for user root
May 31 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24508]: Invalid user ubuntu from 80.94.92.182
May 31 09:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24508]: input_userauth_request: invalid user ubuntu [preauth]
May 31 09:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24508]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 09:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24508]: Failed password for invalid user ubuntu from 80.94.92.182 port 38384 ssh2
May 31 09:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24508]: Connection closed by 80.94.92.182 port 38384 [preauth]
May 31 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24569]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24570]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24567]: pam_unix(cron:session): session closed for user p13x
May 31 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24650]: Successful su for rubyman by root
May 31 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24650]: + ??? root:rubyman
May 31 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428468 of user rubyman.
May 31 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24650]: pam_unix(su:session): session closed for user rubyman
May 31 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428468.
May 31 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21994]: pam_unix(cron:session): session closed for user root
May 31 09:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24568]: pam_unix(cron:session): session closed for user samftp
May 31 09:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
May 31 09:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: Failed password for root from 176.32.39.21 port 34728 ssh2
May 31 09:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: Connection closed by 176.32.39.21 port 34728 [preauth]
May 31 09:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.61.3.162  user=root
May 31 09:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: Failed password for root from 194.61.3.162 port 15846 ssh2
May 31 09:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: Received disconnect from 194.61.3.162 port 15846:11: Bye Bye [preauth]
May 31 09:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: Disconnected from 194.61.3.162 port 15846 [preauth]
May 31 09:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: Invalid user mark from 202.133.90.219
May 31 09:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: input_userauth_request: invalid user mark [preauth]
May 31 09:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: Failed password for invalid user mark from 202.133.90.219 port 55296 ssh2
May 31 09:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: Connection closed by 202.133.90.219 port 55296 [preauth]
May 31 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23628]: pam_unix(cron:session): session closed for user root
May 31 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24992]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24994]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24995]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24993]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24995]: pam_unix(cron:session): session closed for user root
May 31 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24989]: pam_unix(cron:session): session closed for user p13x
May 31 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25065]: Successful su for rubyman by root
May 31 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25065]: + ??? root:rubyman
May 31 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428472 of user rubyman.
May 31 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25065]: pam_unix(su:session): session closed for user rubyman
May 31 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428472.
May 31 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24992]: pam_unix(cron:session): session closed for user root
May 31 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22390]: pam_unix(cron:session): session closed for user root
May 31 09:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24990]: pam_unix(cron:session): session closed for user samftp
May 31 09:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: Invalid user mak from 202.133.90.219
May 31 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: input_userauth_request: invalid user mak [preauth]
May 31 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: Failed password for invalid user mak from 202.133.90.219 port 56450 ssh2
May 31 09:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: Connection closed by 202.133.90.219 port 56450 [preauth]
May 31 09:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.170.125  user=root
May 31 09:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24143]: pam_unix(cron:session): session closed for user root
May 31 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25332]: Failed password for root from 103.149.170.125 port 42870 ssh2
May 31 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25332]: Connection closed by 103.149.170.125 port 42870 [preauth]
May 31 09:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.61.3.162  user=root
May 31 09:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25371]: Failed password for root from 194.61.3.162 port 28080 ssh2
May 31 09:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25371]: Received disconnect from 194.61.3.162 port 28080:11: Bye Bye [preauth]
May 31 09:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25371]: Disconnected from 194.61.3.162 port 28080 [preauth]
May 31 09:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25420]: Connection closed by 194.59.206.2 port 41080 [preauth]
May 31 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25425]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25426]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25423]: pam_unix(cron:session): session closed for user p13x
May 31 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25494]: Successful su for rubyman by root
May 31 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25494]: + ??? root:rubyman
May 31 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25494]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428479 of user rubyman.
May 31 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25494]: pam_unix(su:session): session closed for user rubyman
May 31 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428479.
May 31 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22779]: pam_unix(cron:session): session closed for user root
May 31 09:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
May 31 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25424]: pam_unix(cron:session): session closed for user samftp
May 31 09:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25663]: Failed password for root from 87.251.79.125 port 54188 ssh2
May 31 09:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25663]: Connection closed by 87.251.79.125 port 54188 [preauth]
May 31 09:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25688]: Invalid user leo from 202.133.90.219
May 31 09:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25688]: input_userauth_request: invalid user leo [preauth]
May 31 09:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25688]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25688]: Failed password for invalid user leo from 202.133.90.219 port 42460 ssh2
May 31 09:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25688]: Connection closed by 202.133.90.219 port 42460 [preauth]
May 31 09:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24570]: pam_unix(cron:session): session closed for user root
May 31 09:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.61.3.162  user=root
May 31 09:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: Failed password for root from 194.61.3.162 port 27924 ssh2
May 31 09:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: Received disconnect from 194.61.3.162 port 27924:11: Bye Bye [preauth]
May 31 09:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: Disconnected from 194.61.3.162 port 27924 [preauth]
May 31 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25836]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25837]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25834]: pam_unix(cron:session): session closed for user p13x
May 31 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25893]: Successful su for rubyman by root
May 31 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25893]: + ??? root:rubyman
May 31 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428482 of user rubyman.
May 31 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25893]: pam_unix(su:session): session closed for user rubyman
May 31 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428482.
May 31 09:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23196]: pam_unix(cron:session): session closed for user root
May 31 09:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25835]: pam_unix(cron:session): session closed for user samftp
May 31 09:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26090]: Invalid user lab from 202.133.90.219
May 31 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26090]: input_userauth_request: invalid user lab [preauth]
May 31 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26090]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26090]: Failed password for invalid user lab from 202.133.90.219 port 54250 ssh2
May 31 09:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26090]: Connection closed by 202.133.90.219 port 54250 [preauth]
May 31 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24994]: pam_unix(cron:session): session closed for user root
May 31 09:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26172]: Invalid user ubuntu from 80.94.92.182
May 31 09:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26172]: input_userauth_request: invalid user ubuntu [preauth]
May 31 09:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26172]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 09:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26172]: Failed password for invalid user ubuntu from 80.94.92.182 port 41086 ssh2
May 31 09:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26172]: Connection closed by 80.94.92.182 port 41086 [preauth]
May 31 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: Invalid user kiosk from 173.254.234.162
May 31 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: input_userauth_request: invalid user kiosk [preauth]
May 31 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 09:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: Failed password for invalid user kiosk from 173.254.234.162 port 35820 ssh2
May 31 09:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: Connection closed by 173.254.234.162 port 35820 [preauth]
May 31 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26230]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26229]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26227]: pam_unix(cron:session): session closed for user p13x
May 31 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26288]: Successful su for rubyman by root
May 31 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26288]: + ??? root:rubyman
May 31 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428486 of user rubyman.
May 31 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26288]: pam_unix(su:session): session closed for user rubyman
May 31 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428486.
May 31 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23627]: pam_unix(cron:session): session closed for user root
May 31 09:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26228]: pam_unix(cron:session): session closed for user samftp
May 31 09:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.61.3.162  user=root
May 31 09:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: Invalid user jboss from 202.133.90.219
May 31 09:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: input_userauth_request: invalid user jboss [preauth]
May 31 09:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: Failed password for root from 194.61.3.162 port 64452 ssh2
May 31 09:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: Received disconnect from 194.61.3.162 port 64452:11: Bye Bye [preauth]
May 31 09:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: Disconnected from 194.61.3.162 port 64452 [preauth]
May 31 09:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: Failed password for invalid user jboss from 202.133.90.219 port 45550 ssh2
May 31 09:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: Connection closed by 202.133.90.219 port 45550 [preauth]
May 31 09:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
May 31 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26511]: Failed password for root from 194.113.233.25 port 54004 ssh2
May 31 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26511]: Connection closed by 194.113.233.25 port 54004 [preauth]
May 31 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25426]: pam_unix(cron:session): session closed for user root
May 31 09:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Invalid user user from 2.57.121.25
May 31 09:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: input_userauth_request: invalid user user [preauth]
May 31 09:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 09:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Failed password for invalid user user from 2.57.121.25 port 16263 ssh2
May 31 09:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Failed password for invalid user user from 2.57.121.25 port 16263 ssh2
May 31 09:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Failed password for invalid user user from 2.57.121.25 port 16263 ssh2
May 31 09:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Failed password for invalid user user from 2.57.121.25 port 16263 ssh2
May 31 09:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Failed password for invalid user user from 2.57.121.25 port 16263 ssh2
May 31 09:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Received disconnect from 2.57.121.25 port 16263:11: Bye [preauth]
May 31 09:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Disconnected from 2.57.121.25 port 16263 [preauth]
May 31 09:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 09:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26628]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26627]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26625]: pam_unix(cron:session): session closed for user p13x
May 31 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26773]: Successful su for rubyman by root
May 31 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26773]: + ??? root:rubyman
May 31 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26773]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428490 of user rubyman.
May 31 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26773]: pam_unix(su:session): session closed for user rubyman
May 31 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428490.
May 31 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24142]: pam_unix(cron:session): session closed for user root
May 31 09:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26626]: pam_unix(cron:session): session closed for user samftp
May 31 09:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: Invalid user informix from 202.133.90.219
May 31 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: input_userauth_request: invalid user informix [preauth]
May 31 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: Failed password for invalid user informix from 202.133.90.219 port 45514 ssh2
May 31 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: Connection closed by 202.133.90.219 port 45514 [preauth]
May 31 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25837]: pam_unix(cron:session): session closed for user root
May 31 09:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27051]: Invalid user devops from 194.61.3.162
May 31 09:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27051]: input_userauth_request: invalid user devops [preauth]
May 31 09:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27051]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.61.3.162
May 31 09:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27051]: Failed password for invalid user devops from 194.61.3.162 port 11516 ssh2
May 31 09:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27051]: Received disconnect from 194.61.3.162 port 11516:11: Bye Bye [preauth]
May 31 09:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27051]: Disconnected from 194.61.3.162 port 11516 [preauth]
May 31 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27116]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27114]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27115]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27113]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27116]: pam_unix(cron:session): session closed for user root
May 31 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27110]: pam_unix(cron:session): session closed for user p13x
May 31 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27183]: Successful su for rubyman by root
May 31 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27183]: + ??? root:rubyman
May 31 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428495 of user rubyman.
May 31 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27183]: pam_unix(su:session): session closed for user rubyman
May 31 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428495.
May 31 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27113]: pam_unix(cron:session): session closed for user root
May 31 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24569]: pam_unix(cron:session): session closed for user root
May 31 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27111]: pam_unix(cron:session): session closed for user samftp
May 31 09:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: Invalid user guest from 202.133.90.219
May 31 09:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: input_userauth_request: invalid user guest [preauth]
May 31 09:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: Failed password for invalid user guest from 202.133.90.219 port 48768 ssh2
May 31 09:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: Connection closed by 202.133.90.219 port 48768 [preauth]
May 31 09:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
May 31 09:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27440]: Failed password for root from 77.94.47.83 port 34404 ssh2
May 31 09:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27440]: Connection closed by 77.94.47.83 port 34404 [preauth]
May 31 09:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26230]: pam_unix(cron:session): session closed for user root
May 31 09:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.61.3.162  user=root
May 31 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27556]: Failed password for root from 194.61.3.162 port 37540 ssh2
May 31 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27556]: Received disconnect from 194.61.3.162 port 37540:11: Bye Bye [preauth]
May 31 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27556]: Disconnected from 194.61.3.162 port 37540 [preauth]
May 31 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27574]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27571]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27569]: pam_unix(cron:session): session closed for user p13x
May 31 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27638]: Successful su for rubyman by root
May 31 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27638]: + ??? root:rubyman
May 31 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27638]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428500 of user rubyman.
May 31 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27638]: pam_unix(su:session): session closed for user rubyman
May 31 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428500.
May 31 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
May 31 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24993]: pam_unix(cron:session): session closed for user root
May 31 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: Failed password for root from 185.156.73.233 port 30056 ssh2
May 31 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27570]: pam_unix(cron:session): session closed for user samftp
May 31 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: Connection closed by 185.156.73.233 port 30056 [preauth]
May 31 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: Invalid user git from 202.133.90.219
May 31 09:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: input_userauth_request: invalid user git [preauth]
May 31 09:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: Failed password for invalid user git from 202.133.90.219 port 36450 ssh2
May 31 09:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: Connection closed by 202.133.90.219 port 36450 [preauth]
May 31 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26628]: pam_unix(cron:session): session closed for user root
May 31 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.172.54.111  user=root
May 31 09:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27954]: Failed password for root from 109.172.54.111 port 38982 ssh2
May 31 09:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27954]: Connection closed by 109.172.54.111 port 38982 [preauth]
May 31 09:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27965]: Invalid user sol from 80.94.92.182
May 31 09:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27965]: input_userauth_request: invalid user sol [preauth]
May 31 09:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27965]: Connection closed by 80.94.92.182 port 43792 [preauth]
May 31 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27998]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27997]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27994]: pam_unix(cron:session): session closed for user p13x
May 31 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28109]: Successful su for rubyman by root
May 31 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28109]: + ??? root:rubyman
May 31 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28109]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428503 of user rubyman.
May 31 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28109]: pam_unix(su:session): session closed for user rubyman
May 31 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428503.
May 31 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25425]: pam_unix(cron:session): session closed for user root
May 31 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27996]: pam_unix(cron:session): session closed for user samftp
May 31 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: Invalid user ftpuser from 202.133.90.219
May 31 09:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: input_userauth_request: invalid user ftpuser [preauth]
May 31 09:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: Invalid user admin from 2.57.121.112
May 31 09:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: input_userauth_request: invalid user admin [preauth]
May 31 09:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: Invalid user jose from 194.61.3.162
May 31 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: input_userauth_request: invalid user jose [preauth]
May 31 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.61.3.162
May 31 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: Failed password for invalid user ftpuser from 202.133.90.219 port 36726 ssh2
May 31 09:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: Connection closed by 202.133.90.219 port 36726 [preauth]
May 31 09:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: Failed password for invalid user admin from 2.57.121.112 port 26650 ssh2
May 31 09:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: Failed password for invalid user jose from 194.61.3.162 port 52592 ssh2
May 31 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: Received disconnect from 194.61.3.162 port 52592:11: Bye Bye [preauth]
May 31 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: Disconnected from 194.61.3.162 port 52592 [preauth]
May 31 09:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: Failed password for invalid user admin from 2.57.121.112 port 26650 ssh2
May 31 09:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: Failed password for invalid user admin from 2.57.121.112 port 26650 ssh2
May 31 09:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: Failed password for invalid user admin from 2.57.121.112 port 26650 ssh2
May 31 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: Failed password for invalid user admin from 2.57.121.112 port 26650 ssh2
May 31 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: Received disconnect from 2.57.121.112 port 26650:11: Bye [preauth]
May 31 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: Disconnected from 2.57.121.112 port 26650 [preauth]
May 31 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27115]: pam_unix(cron:session): session closed for user root
May 31 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28445]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28446]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28443]: pam_unix(cron:session): session closed for user p13x
May 31 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28505]: Successful su for rubyman by root
May 31 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28505]: + ??? root:rubyman
May 31 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428508 of user rubyman.
May 31 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28505]: pam_unix(su:session): session closed for user rubyman
May 31 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428508.
May 31 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25836]: pam_unix(cron:session): session closed for user root
May 31 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
May 31 09:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28444]: pam_unix(cron:session): session closed for user samftp
May 31 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: Failed password for root from 62.133.62.83 port 57976 ssh2
May 31 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: Connection closed by 62.133.62.83 port 57976 [preauth]
May 31 09:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28789]: Invalid user ftpuser from 202.133.90.219
May 31 09:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28789]: input_userauth_request: invalid user ftpuser [preauth]
May 31 09:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28789]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28789]: Failed password for invalid user ftpuser from 202.133.90.219 port 58742 ssh2
May 31 09:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28789]: Connection closed by 202.133.90.219 port 58742 [preauth]
May 31 09:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.61.3.162  user=root
May 31 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27574]: pam_unix(cron:session): session closed for user root
May 31 09:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Failed password for root from 194.61.3.162 port 28848 ssh2
May 31 09:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Received disconnect from 194.61.3.162 port 28848:11: Bye Bye [preauth]
May 31 09:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Disconnected from 194.61.3.162 port 28848 [preauth]
May 31 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28944]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28942]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28938]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28940]: pam_unix(cron:session): session closed for user p13x
May 31 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29054]: Successful su for rubyman by root
May 31 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29054]: + ??? root:rubyman
May 31 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428511 of user rubyman.
May 31 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29054]: pam_unix(su:session): session closed for user rubyman
May 31 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428511.
May 31 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28938]: pam_unix(cron:session): session closed for user root
May 31 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26229]: pam_unix(cron:session): session closed for user root
May 31 09:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28941]: pam_unix(cron:session): session closed for user samftp
May 31 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29295]: Invalid user es from 202.133.90.219
May 31 09:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29295]: input_userauth_request: invalid user es [preauth]
May 31 09:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29295]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29295]: Failed password for invalid user es from 202.133.90.219 port 50498 ssh2
May 31 09:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29295]: Connection closed by 202.133.90.219 port 50498 [preauth]
May 31 09:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
May 31 09:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: Failed password for root from 80.66.85.226 port 58102 ssh2
May 31 09:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: Connection closed by 80.66.85.226 port 58102 [preauth]
May 31 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27998]: pam_unix(cron:session): session closed for user root
May 31 09:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.61.3.162  user=root
May 31 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29430]: Failed password for root from 194.61.3.162 port 36810 ssh2
May 31 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29430]: Received disconnect from 194.61.3.162 port 36810:11: Bye Bye [preauth]
May 31 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29430]: Disconnected from 194.61.3.162 port 36810 [preauth]
May 31 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29453]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29455]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29454]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29452]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29455]: pam_unix(cron:session): session closed for user root
May 31 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29450]: pam_unix(cron:session): session closed for user p13x
May 31 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29616]: Successful su for rubyman by root
May 31 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29616]: + ??? root:rubyman
May 31 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428519 of user rubyman.
May 31 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29616]: pam_unix(su:session): session closed for user rubyman
May 31 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428519.
May 31 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26627]: pam_unix(cron:session): session closed for user root
May 31 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29452]: pam_unix(cron:session): session closed for user root
May 31 09:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29451]: pam_unix(cron:session): session closed for user samftp
May 31 09:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: Invalid user dvs from 202.133.90.219
May 31 09:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: input_userauth_request: invalid user dvs [preauth]
May 31 09:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: Failed password for invalid user dvs from 202.133.90.219 port 43942 ssh2
May 31 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: Connection closed by 202.133.90.219 port 43942 [preauth]
May 31 09:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28446]: pam_unix(cron:session): session closed for user root
May 31 09:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30014]: pam_unix(cron:session): session closed for user p13x
May 31 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: Invalid user solana from 80.94.92.182
May 31 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: input_userauth_request: invalid user solana [preauth]
May 31 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30089]: Successful su for rubyman by root
May 31 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30089]: + ??? root:rubyman
May 31 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428522 of user rubyman.
May 31 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30089]: pam_unix(su:session): session closed for user rubyman
May 31 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428522.
May 31 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27114]: pam_unix(cron:session): session closed for user root
May 31 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: Failed password for invalid user solana from 80.94.92.182 port 46506 ssh2
May 31 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: Connection closed by 80.94.92.182 port 46506 [preauth]
May 31 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30015]: pam_unix(cron:session): session closed for user samftp
May 31 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30088]: Invalid user deploy from 202.133.90.219
May 31 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30088]: input_userauth_request: invalid user deploy [preauth]
May 31 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30088]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30088]: Failed password for invalid user deploy from 202.133.90.219 port 55798 ssh2
May 31 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30088]: Connection closed by 202.133.90.219 port 55798 [preauth]
May 31 09:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Invalid user rstudio from 194.61.3.162
May 31 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: input_userauth_request: invalid user rstudio [preauth]
May 31 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.61.3.162
May 31 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Failed password for invalid user rstudio from 194.61.3.162 port 3160 ssh2
May 31 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Received disconnect from 194.61.3.162 port 3160:11: Bye Bye [preauth]
May 31 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Disconnected from 194.61.3.162 port 3160 [preauth]
May 31 09:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28944]: pam_unix(cron:session): session closed for user root
May 31 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30438]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30437]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30434]: pam_unix(cron:session): session closed for user p13x
May 31 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30508]: Successful su for rubyman by root
May 31 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30508]: + ??? root:rubyman
May 31 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428526 of user rubyman.
May 31 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30508]: pam_unix(su:session): session closed for user rubyman
May 31 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428526.
May 31 09:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27571]: pam_unix(cron:session): session closed for user root
May 31 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30435]: pam_unix(cron:session): session closed for user samftp
May 31 09:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: Invalid user daniel from 202.133.90.219
May 31 09:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: input_userauth_request: invalid user daniel [preauth]
May 31 09:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: Failed password for invalid user daniel from 202.133.90.219 port 55426 ssh2
May 31 09:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: Connection closed by 202.133.90.219 port 55426 [preauth]
May 31 09:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29454]: pam_unix(cron:session): session closed for user root
May 31 09:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.61.3.162  user=root
May 31 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: Failed password for root from 194.61.3.162 port 58208 ssh2
May 31 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: Received disconnect from 194.61.3.162 port 58208:11: Bye Bye [preauth]
May 31 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: Disconnected from 194.61.3.162 port 58208 [preauth]
May 31 09:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30864]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30865]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30863]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30862]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30862]: pam_unix(cron:session): session closed for user p13x
May 31 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31017]: Successful su for rubyman by root
May 31 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31017]: + ??? root:rubyman
May 31 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428530 of user rubyman.
May 31 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31017]: pam_unix(su:session): session closed for user rubyman
May 31 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428530.
May 31 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27997]: pam_unix(cron:session): session closed for user root
May 31 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30863]: pam_unix(cron:session): session closed for user samftp
May 31 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: Invalid user azureuser from 202.133.90.219
May 31 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: input_userauth_request: invalid user azureuser [preauth]
May 31 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: Failed password for invalid user azureuser from 202.133.90.219 port 56106 ssh2
May 31 09:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: Connection closed by 202.133.90.219 port 56106 [preauth]
May 31 09:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31230]: Invalid user panorpid from 67.207.84.8
May 31 09:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31230]: input_userauth_request: invalid user panorpid [preauth]
May 31 09:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31230]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.207.84.8
May 31 09:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31230]: Failed password for invalid user panorpid from 67.207.84.8 port 58108 ssh2
May 31 09:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31230]: Connection closed by 67.207.84.8 port 58108 [preauth]
May 31 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session closed for user root
May 31 09:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
May 31 09:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: Failed password for root from 103.172.78.219 port 50454 ssh2
May 31 09:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: Connection closed by 103.172.78.219 port 50454 [preauth]
May 31 09:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31364]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31363]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31362]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31361]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31361]: pam_unix(cron:session): session closed for user p13x
May 31 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31428]: Successful su for rubyman by root
May 31 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31428]: + ??? root:rubyman
May 31 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428534 of user rubyman.
May 31 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31428]: pam_unix(su:session): session closed for user rubyman
May 31 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428534.
May 31 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: Invalid user test from 194.61.3.162
May 31 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: input_userauth_request: invalid user test [preauth]
May 31 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.61.3.162
May 31 09:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: Failed password for invalid user test from 194.61.3.162 port 27032 ssh2
May 31 09:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: Received disconnect from 194.61.3.162 port 27032:11: Bye Bye [preauth]
May 31 09:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: Disconnected from 194.61.3.162 port 27032 [preauth]
May 31 09:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28445]: pam_unix(cron:session): session closed for user root
May 31 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: Invalid user admin from 202.133.90.219
May 31 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: input_userauth_request: invalid user admin [preauth]
May 31 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31362]: pam_unix(cron:session): session closed for user samftp
May 31 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: Failed password for invalid user admin from 202.133.90.219 port 48400 ssh2
May 31 09:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: Connection closed by 202.133.90.219 port 48400 [preauth]
May 31 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30438]: pam_unix(cron:session): session closed for user root
May 31 09:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31871]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31873]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31870]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31872]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31873]: pam_unix(cron:session): session closed for user root
May 31 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31867]: pam_unix(cron:session): session closed for user p13x
May 31 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31942]: Successful su for rubyman by root
May 31 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31942]: + ??? root:rubyman
May 31 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428542 of user rubyman.
May 31 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31942]: pam_unix(su:session): session closed for user rubyman
May 31 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428542.
May 31 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31856]: Invalid user zhang from 202.133.90.219
May 31 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31856]: input_userauth_request: invalid user zhang [preauth]
May 31 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31856]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31870]: pam_unix(cron:session): session closed for user root
May 31 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28942]: pam_unix(cron:session): session closed for user root
May 31 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31856]: Failed password for invalid user zhang from 202.133.90.219 port 38758 ssh2
May 31 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31868]: pam_unix(cron:session): session closed for user samftp
May 31 09:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31856]: Connection closed by 202.133.90.219 port 38758 [preauth]
May 31 09:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32155]: Invalid user solana from 80.94.92.182
May 31 09:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32155]: input_userauth_request: invalid user solana [preauth]
May 31 09:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32155]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 09:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32155]: Failed password for invalid user solana from 80.94.92.182 port 49202 ssh2
May 31 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32155]: Connection closed by 80.94.92.182 port 49202 [preauth]
May 31 09:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30865]: pam_unix(cron:session): session closed for user root
May 31 09:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 09:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: Received disconnect from 50.7.233.211 port 29398:11: disconnected by user [preauth]
May 31 09:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: Disconnected from 50.7.233.211 port 29398 [preauth]
May 31 09:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32313]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32314]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32311]: pam_unix(cron:session): session closed for user p13x
May 31 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32382]: Successful su for rubyman by root
May 31 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32382]: + ??? root:rubyman
May 31 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428544 of user rubyman.
May 31 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32382]: pam_unix(su:session): session closed for user rubyman
May 31 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428544.
May 31 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32308]: Invalid user wireguard from 202.133.90.219
May 31 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32308]: input_userauth_request: invalid user wireguard [preauth]
May 31 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32308]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29453]: pam_unix(cron:session): session closed for user root
May 31 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32312]: pam_unix(cron:session): session closed for user samftp
May 31 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32308]: Failed password for invalid user wireguard from 202.133.90.219 port 56838 ssh2
May 31 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32308]: Connection closed by 202.133.90.219 port 56838 [preauth]
May 31 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31364]: pam_unix(cron:session): session closed for user root
May 31 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32730]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32728]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32726]: pam_unix(cron:session): session closed for user p13x
May 31 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[324]: Successful su for rubyman by root
May 31 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[324]: + ??? root:rubyman
May 31 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428549 of user rubyman.
May 31 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[324]: pam_unix(su:session): session closed for user rubyman
May 31 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428549.
May 31 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session closed for user root
May 31 09:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32727]: pam_unix(cron:session): session closed for user samftp
May 31 09:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: Invalid user weston from 202.133.90.219
May 31 09:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: input_userauth_request: invalid user weston [preauth]
May 31 09:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: Failed password for invalid user weston from 202.133.90.219 port 57412 ssh2
May 31 09:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: Connection closed by 202.133.90.219 port 57412 [preauth]
May 31 09:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[700]: Invalid user default from 80.94.95.116
May 31 09:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[700]: input_userauth_request: invalid user default [preauth]
May 31 09:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[700]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May 31 09:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[700]: Failed password for invalid user default from 80.94.95.116 port 48006 ssh2
May 31 09:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[700]: Connection closed by 80.94.95.116 port 48006 [preauth]
May 31 09:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31872]: pam_unix(cron:session): session closed for user root
May 31 09:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
May 31 09:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: Failed password for root from 103.15.222.183 port 40640 ssh2
May 31 09:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: Connection closed by 103.15.222.183 port 40640 [preauth]
May 31 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[833]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[832]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[830]: pam_unix(cron:session): session closed for user p13x
May 31 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[896]: Successful su for rubyman by root
May 31 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[896]: + ??? root:rubyman
May 31 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428552 of user rubyman.
May 31 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[896]: pam_unix(su:session): session closed for user rubyman
May 31 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428552.
May 31 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30437]: pam_unix(cron:session): session closed for user root
May 31 09:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[894]: Invalid user user01 from 202.133.90.219
May 31 09:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[894]: input_userauth_request: invalid user user01 [preauth]
May 31 09:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[894]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[831]: pam_unix(cron:session): session closed for user samftp
May 31 09:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[894]: Failed password for invalid user user01 from 202.133.90.219 port 33074 ssh2
May 31 09:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[894]: Connection closed by 202.133.90.219 port 33074 [preauth]
May 31 09:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
May 31 09:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: Failed password for root from 51.250.105.222 port 56998 ssh2
May 31 09:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: Connection closed by 51.250.105.222 port 56998 [preauth]
May 31 09:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32314]: pam_unix(cron:session): session closed for user root
May 31 09:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1280]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1281]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1279]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1278]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1278]: pam_unix(cron:session): session closed for user p13x
May 31 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1352]: Successful su for rubyman by root
May 31 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1352]: + ??? root:rubyman
May 31 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428558 of user rubyman.
May 31 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1352]: pam_unix(su:session): session closed for user rubyman
May 31 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428558.
May 31 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: Invalid user ubuntu from 202.133.90.219
May 31 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: input_userauth_request: invalid user ubuntu [preauth]
May 31 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30864]: pam_unix(cron:session): session closed for user root
May 31 09:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1279]: pam_unix(cron:session): session closed for user samftp
May 31 09:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: Failed password for invalid user ubuntu from 202.133.90.219 port 54038 ssh2
May 31 09:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: Connection closed by 202.133.90.219 port 54038 [preauth]
May 31 09:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: Invalid user sol from 80.94.92.182
May 31 09:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: input_userauth_request: invalid user sol [preauth]
May 31 09:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 09:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: Failed password for invalid user sol from 80.94.92.182 port 51928 ssh2
May 31 09:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: Connection closed by 80.94.92.182 port 51928 [preauth]
May 31 09:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32730]: pam_unix(cron:session): session closed for user root
May 31 09:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1813]: Invalid user ubuntu from 202.133.90.219
May 31 09:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1813]: input_userauth_request: invalid user ubuntu [preauth]
May 31 09:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1813]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1813]: Failed password for invalid user ubuntu from 202.133.90.219 port 56022 ssh2
May 31 09:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1813]: Connection closed by 202.133.90.219 port 56022 [preauth]
May 31 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1837]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1835]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1836]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1834]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1837]: pam_unix(cron:session): session closed for user root
May 31 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1832]: pam_unix(cron:session): session closed for user p13x
May 31 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1915]: Successful su for rubyman by root
May 31 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1915]: + ??? root:rubyman
May 31 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1915]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428560 of user rubyman.
May 31 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1915]: pam_unix(su:session): session closed for user rubyman
May 31 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428560.
May 31 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1834]: pam_unix(cron:session): session closed for user root
May 31 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31363]: pam_unix(cron:session): session closed for user root
May 31 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1833]: pam_unix(cron:session): session closed for user samftp
May 31 09:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
May 31 09:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2151]: Failed password for root from 103.77.242.62 port 57994 ssh2
May 31 09:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2151]: Connection closed by 103.77.242.62 port 57994 [preauth]
May 31 09:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2255]: Received disconnect from 69.175.92.21 port 46422:11: disconnected by user [preauth]
May 31 09:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2255]: Disconnected from 69.175.92.21 port 46422 [preauth]
May 31 09:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[833]: pam_unix(cron:session): session closed for user root
May 31 09:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: Invalid user toto from 202.133.90.219
May 31 09:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: input_userauth_request: invalid user toto [preauth]
May 31 09:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: Failed password for invalid user toto from 202.133.90.219 port 52556 ssh2
May 31 09:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: Connection closed by 202.133.90.219 port 52556 [preauth]
May 31 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2358]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2359]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2357]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2356]: pam_unix(cron:session): session closed for user p13x
May 31 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2422]: Successful su for rubyman by root
May 31 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2422]: + ??? root:rubyman
May 31 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428566 of user rubyman.
May 31 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2422]: pam_unix(su:session): session closed for user rubyman
May 31 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428566.
May 31 09:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31871]: pam_unix(cron:session): session closed for user root
May 31 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2357]: pam_unix(cron:session): session closed for user samftp
May 31 09:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2647]: Received disconnect from 104.248.177.83 port 47192:11: disconnected by user [preauth]
May 31 09:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2647]: Disconnected from 104.248.177.83 port 47192 [preauth]
May 31 09:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1281]: pam_unix(cron:session): session closed for user root
May 31 09:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Invalid user torrent from 202.133.90.219
May 31 09:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: input_userauth_request: invalid user torrent [preauth]
May 31 09:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Failed password for invalid user torrent from 202.133.90.219 port 40640 ssh2
May 31 09:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Connection closed by 202.133.90.219 port 40640 [preauth]
May 31 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2795]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2796]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2793]: pam_unix(cron:session): session closed for user p13x
May 31 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2856]: Successful su for rubyman by root
May 31 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2856]: + ??? root:rubyman
May 31 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428572 of user rubyman.
May 31 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2856]: pam_unix(su:session): session closed for user rubyman
May 31 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428572.
May 31 09:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32313]: pam_unix(cron:session): session closed for user root
May 31 09:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2794]: pam_unix(cron:session): session closed for user samftp
May 31 09:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1836]: pam_unix(cron:session): session closed for user root
May 31 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: Invalid user fax from 67.207.84.8
May 31 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: input_userauth_request: invalid user fax [preauth]
May 31 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.207.84.8
May 31 09:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: Failed password for invalid user fax from 67.207.84.8 port 51900 ssh2
May 31 09:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: Connection closed by 67.207.84.8 port 51900 [preauth]
May 31 09:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: Invalid user toidicho from 202.133.90.219
May 31 09:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: input_userauth_request: invalid user toidicho [preauth]
May 31 09:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: Failed password for invalid user toidicho from 202.133.90.219 port 51702 ssh2
May 31 09:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: Connection closed by 202.133.90.219 port 51702 [preauth]
May 31 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3185]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3184]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3182]: pam_unix(cron:session): session closed for user p13x
May 31 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3244]: Successful su for rubyman by root
May 31 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3244]: + ??? root:rubyman
May 31 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428575 of user rubyman.
May 31 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3244]: pam_unix(su:session): session closed for user rubyman
May 31 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428575.
May 31 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32728]: pam_unix(cron:session): session closed for user root
May 31 09:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3183]: pam_unix(cron:session): session closed for user samftp
May 31 09:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2359]: pam_unix(cron:session): session closed for user root
May 31 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: Invalid user sol from 80.94.92.182
May 31 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: input_userauth_request: invalid user sol [preauth]
May 31 09:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 09:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: Failed password for invalid user sol from 80.94.92.182 port 54620 ssh2
May 31 09:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: Connection closed by 80.94.92.182 port 54620 [preauth]
May 31 09:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: Invalid user test from 202.133.90.219
May 31 09:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: input_userauth_request: invalid user test [preauth]
May 31 09:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: Failed password for invalid user test from 202.133.90.219 port 40896 ssh2
May 31 09:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: Connection closed by 202.133.90.219 port 40896 [preauth]
May 31 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3584]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3583]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3581]: pam_unix(cron:session): session closed for user p13x
May 31 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3639]: Successful su for rubyman by root
May 31 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3639]: + ??? root:rubyman
May 31 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428578 of user rubyman.
May 31 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3639]: pam_unix(su:session): session closed for user rubyman
May 31 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428578.
May 31 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[832]: pam_unix(cron:session): session closed for user root
May 31 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3582]: pam_unix(cron:session): session closed for user samftp
May 31 09:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2796]: pam_unix(cron:session): session closed for user root
May 31 09:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: Invalid user test2 from 202.133.90.219
May 31 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: input_userauth_request: invalid user test2 [preauth]
May 31 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: Failed password for invalid user test2 from 202.133.90.219 port 37524 ssh2
May 31 09:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: Connection closed by 202.133.90.219 port 37524 [preauth]
May 31 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4176]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4174]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4175]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4177]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4177]: pam_unix(cron:session): session closed for user root
May 31 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4172]: pam_unix(cron:session): session closed for user p13x
May 31 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4245]: Successful su for rubyman by root
May 31 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4245]: + ??? root:rubyman
May 31 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428582 of user rubyman.
May 31 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4245]: pam_unix(su:session): session closed for user rubyman
May 31 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428582.
May 31 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1280]: pam_unix(cron:session): session closed for user root
May 31 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4174]: pam_unix(cron:session): session closed for user root
May 31 09:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4173]: pam_unix(cron:session): session closed for user samftp
May 31 09:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
May 31 09:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4494]: Failed password for root from 193.37.70.224 port 44996 ssh2
May 31 09:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4494]: Connection closed by 193.37.70.224 port 44996 [preauth]
May 31 09:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3185]: pam_unix(cron:session): session closed for user root
May 31 09:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: Invalid user samba from 202.133.90.219
May 31 09:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: input_userauth_request: invalid user samba [preauth]
May 31 09:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 09:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: Failed password for invalid user samba from 202.133.90.219 port 48100 ssh2
May 31 09:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: Connection closed by 202.133.90.219 port 48100 [preauth]
May 31 09:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: Invalid user penanceless from 173.254.234.162
May 31 09:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: input_userauth_request: invalid user penanceless [preauth]
May 31 09:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4614]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4615]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4611]: pam_unix(cron:session): session closed for user p13x
May 31 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4683]: Successful su for rubyman by root
May 31 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4683]: + ??? root:rubyman
May 31 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428588 of user rubyman.
May 31 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4683]: pam_unix(su:session): session closed for user rubyman
May 31 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428588.
May 31 09:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: Failed password for invalid user penanceless from 173.254.234.162 port 48526 ssh2
May 31 09:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: Connection closed by 173.254.234.162 port 48526 [preauth]
May 31 09:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1835]: pam_unix(cron:session): session closed for user root
May 31 09:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4612]: pam_unix(cron:session): session closed for user samftp
May 31 09:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3584]: pam_unix(cron:session): session closed for user root
May 31 09:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: Failed password for root from 202.133.90.219 port 50198 ssh2
May 31 09:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: Connection closed by 202.133.90.219 port 50198 [preauth]
May 31 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5037]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5038]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5035]: pam_unix(cron:session): session closed for user p13x
May 31 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5093]: Successful su for rubyman by root
May 31 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5093]: + ??? root:rubyman
May 31 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428593 of user rubyman.
May 31 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5093]: pam_unix(su:session): session closed for user rubyman
May 31 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428593.
May 31 09:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2358]: pam_unix(cron:session): session closed for user root
May 31 09:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5036]: pam_unix(cron:session): session closed for user samftp
May 31 09:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: Invalid user kevin from 80.94.95.115
May 31 09:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: input_userauth_request: invalid user kevin [preauth]
May 31 09:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May 31 09:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: Failed password for invalid user kevin from 80.94.95.115 port 57122 ssh2
May 31 09:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: Connection closed by 80.94.95.115 port 57122 [preauth]
May 31 09:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 09:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: Failed password for root from 38.93.206.2 port 46890 ssh2
May 31 09:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: Connection closed by 38.93.206.2 port 46890 [preauth]
May 31 09:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
May 31 09:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5333]: Failed password for root from 103.149.28.157 port 39242 ssh2
May 31 09:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5333]: Connection closed by 103.149.28.157 port 39242 [preauth]
May 31 09:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5343]: Invalid user sol from 80.94.92.182
May 31 09:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5343]: input_userauth_request: invalid user sol [preauth]
May 31 09:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4176]: pam_unix(cron:session): session closed for user root
May 31 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5343]: pam_unix(sshd:auth): check pass; user unknown
May 31 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 09:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5343]: Failed password for invalid user sol from 80.94.92.182 port 57316 ssh2
May 31 09:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5343]: Connection closed by 80.94.92.182 port 57316 [preauth]
May 31 09:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Failed password for root from 202.133.90.219 port 37452 ssh2
May 31 09:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Connection closed by 202.133.90.219 port 37452 [preauth]
May 31 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5441]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5440]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5438]: pam_unix(cron:session): session closed for user p13x
May 31 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5500]: Successful su for rubyman by root
May 31 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5500]: + ??? root:rubyman
May 31 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428596 of user rubyman.
May 31 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5500]: pam_unix(su:session): session closed for user rubyman
May 31 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428596.
May 31 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2795]: pam_unix(cron:session): session closed for user root
May 31 09:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5439]: pam_unix(cron:session): session closed for user samftp
May 31 09:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4615]: pam_unix(cron:session): session closed for user root
May 31 09:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 09:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: Failed password for root from 202.133.90.219 port 57422 ssh2
May 31 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5821]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5820]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5819]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5818]: pam_unix(cron:session): session closed for user p13x
May 31 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: Connection closed by 202.133.90.219 port 57422 [preauth]
May 31 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5881]: Successful su for rubyman by root
May 31 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5881]: + ??? root:rubyman
May 31 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428600 of user rubyman.
May 31 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5881]: pam_unix(su:session): session closed for user rubyman
May 31 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428600.
May 31 09:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3184]: pam_unix(cron:session): session closed for user root
May 31 09:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5819]: pam_unix(cron:session): session closed for user samftp
May 31 09:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.108.118.91  user=root
May 31 09:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6045]: Failed password for root from 89.108.118.91 port 50662 ssh2
May 31 09:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6045]: Connection closed by 89.108.118.91 port 50662 [preauth]
May 31 09:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5038]: pam_unix(cron:session): session closed for user root
May 31 09:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 09:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6214]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6211]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6212]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6210]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6213]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6214]: pam_unix(cron:session): session closed for user root
May 31 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6210]: pam_unix(cron:session): session closed for user root
May 31 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6208]: pam_unix(cron:session): session closed for user p13x
May 31 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6187]: Failed password for root from 202.133.90.219 port 38562 ssh2
May 31 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6296]: Successful su for rubyman by root
May 31 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6296]: + ??? root:rubyman
May 31 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428610 of user rubyman.
May 31 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6296]: pam_unix(su:session): session closed for user rubyman
May 31 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428610.
May 31 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6187]: Connection closed by 202.133.90.219 port 38562 [preauth]
May 31 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3583]: pam_unix(cron:session): session closed for user root
May 31 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6211]: pam_unix(cron:session): session closed for user root
May 31 10:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6209]: pam_unix(cron:session): session closed for user samftp
May 31 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5441]: pam_unix(cron:session): session closed for user root
May 31 10:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.173.227.57  user=root
May 31 10:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6669]: Failed password for root from 103.173.227.57 port 58278 ssh2
May 31 10:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6669]: Connection closed by 103.173.227.57 port 58278 [preauth]
May 31 10:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: Failed password for root from 202.133.90.219 port 32988 ssh2
May 31 10:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: Connection closed by 202.133.90.219 port 32988 [preauth]
May 31 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6695]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6697]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6693]: pam_unix(cron:session): session closed for user p13x
May 31 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6768]: Successful su for rubyman by root
May 31 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6768]: + ??? root:rubyman
May 31 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428613 of user rubyman.
May 31 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6768]: pam_unix(su:session): session closed for user rubyman
May 31 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428613.
May 31 10:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4175]: pam_unix(cron:session): session closed for user root
May 31 10:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6694]: pam_unix(cron:session): session closed for user samftp
May 31 10:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: Invalid user solana from 80.94.92.182
May 31 10:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: input_userauth_request: invalid user solana [preauth]
May 31 10:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5821]: pam_unix(cron:session): session closed for user root
May 31 10:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 10:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: Failed password for invalid user solana from 80.94.92.182 port 60042 ssh2
May 31 10:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: Connection closed by 80.94.92.182 port 60042 [preauth]
May 31 10:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: Failed password for root from 202.133.90.219 port 58456 ssh2
May 31 10:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: Connection closed by 202.133.90.219 port 58456 [preauth]
May 31 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7204]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7205]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7202]: pam_unix(cron:session): session closed for user p13x
May 31 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7271]: Successful su for rubyman by root
May 31 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7271]: + ??? root:rubyman
May 31 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428616 of user rubyman.
May 31 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7271]: pam_unix(su:session): session closed for user rubyman
May 31 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428616.
May 31 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4614]: pam_unix(cron:session): session closed for user root
May 31 10:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7203]: pam_unix(cron:session): session closed for user samftp
May 31 10:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6213]: pam_unix(cron:session): session closed for user root
May 31 10:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: Failed password for root from 202.133.90.219 port 59448 ssh2
May 31 10:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: Connection closed by 202.133.90.219 port 59448 [preauth]
May 31 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7614]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7613]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7609]: pam_unix(cron:session): session closed for user p13x
May 31 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7766]: Successful su for rubyman by root
May 31 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7766]: + ??? root:rubyman
May 31 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428619 of user rubyman.
May 31 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7766]: pam_unix(su:session): session closed for user rubyman
May 31 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428619.
May 31 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5037]: pam_unix(cron:session): session closed for user root
May 31 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7610]: pam_unix(cron:session): session closed for user samftp
May 31 10:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6697]: pam_unix(cron:session): session closed for user root
May 31 10:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8056]: Failed password for root from 202.133.90.219 port 53148 ssh2
May 31 10:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8056]: Connection closed by 202.133.90.219 port 53148 [preauth]
May 31 10:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8074]: User ftp from 185.156.73.233 not allowed because not listed in AllowUsers
May 31 10:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8074]: input_userauth_request: invalid user ftp [preauth]
May 31 10:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=ftp
May 31 10:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8074]: Failed password for invalid user ftp from 185.156.73.233 port 44424 ssh2
May 31 10:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8074]: Connection closed by 185.156.73.233 port 44424 [preauth]
May 31 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8087]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8088]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8085]: pam_unix(cron:session): session closed for user p13x
May 31 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8150]: Successful su for rubyman by root
May 31 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8150]: + ??? root:rubyman
May 31 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428624 of user rubyman.
May 31 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8150]: pam_unix(su:session): session closed for user rubyman
May 31 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428624.
May 31 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5440]: pam_unix(cron:session): session closed for user root
May 31 10:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8086]: pam_unix(cron:session): session closed for user samftp
May 31 10:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7205]: pam_unix(cron:session): session closed for user root
May 31 10:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8452]: Failed password for root from 202.133.90.219 port 47754 ssh2
May 31 10:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8452]: Connection closed by 202.133.90.219 port 47754 [preauth]
May 31 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8487]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8484]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8485]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8488]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8488]: pam_unix(cron:session): session closed for user root
May 31 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8482]: pam_unix(cron:session): session closed for user p13x
May 31 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8555]: Successful su for rubyman by root
May 31 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8555]: + ??? root:rubyman
May 31 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428628 of user rubyman.
May 31 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8555]: pam_unix(su:session): session closed for user rubyman
May 31 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428628.
May 31 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8484]: pam_unix(cron:session): session closed for user root
May 31 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5820]: pam_unix(cron:session): session closed for user root
May 31 10:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8483]: pam_unix(cron:session): session closed for user samftp
May 31 10:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
May 31 10:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8756]: Failed password for root from 147.45.199.80 port 40210 ssh2
May 31 10:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8756]: Connection closed by 147.45.199.80 port 40210 [preauth]
May 31 10:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
May 31 10:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8811]: Failed password for root from 109.237.96.109 port 36376 ssh2
May 31 10:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8811]: Connection closed by 109.237.96.109 port 36376 [preauth]
May 31 10:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7614]: pam_unix(cron:session): session closed for user root
May 31 10:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8821]: Invalid user validator from 80.94.92.182
May 31 10:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8821]: input_userauth_request: invalid user validator [preauth]
May 31 10:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8821]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 10:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8821]: Failed password for invalid user validator from 80.94.92.182 port 34508 ssh2
May 31 10:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8821]: Connection closed by 80.94.92.182 port 34508 [preauth]
May 31 10:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: Failed password for root from 202.133.90.219 port 53532 ssh2
May 31 10:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: Connection closed by 202.133.90.219 port 53532 [preauth]
May 31 10:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
May 31 10:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Failed password for root from 103.82.132.16 port 47102 ssh2
May 31 10:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Connection closed by 103.82.132.16 port 47102 [preauth]
May 31 10:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: Received disconnect from 89.37.117.16 port 18756:11: disconnected by user [preauth]
May 31 10:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: Disconnected from 89.37.117.16 port 18756 [preauth]
May 31 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8922]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8921]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8920]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8919]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8919]: pam_unix(cron:session): session closed for user p13x
May 31 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8989]: Successful su for rubyman by root
May 31 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8989]: + ??? root:rubyman
May 31 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428633 of user rubyman.
May 31 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8989]: pam_unix(su:session): session closed for user rubyman
May 31 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428633.
May 31 10:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6212]: pam_unix(cron:session): session closed for user root
May 31 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8920]: pam_unix(cron:session): session closed for user samftp
May 31 10:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8088]: pam_unix(cron:session): session closed for user root
May 31 10:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.197.250  user=root
May 31 10:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9242]: Failed password for root from 147.45.197.250 port 52484 ssh2
May 31 10:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9242]: Connection closed by 147.45.197.250 port 52484 [preauth]
May 31 10:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: Failed password for root from 202.133.90.219 port 45862 ssh2
May 31 10:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: Connection closed by 202.133.90.219 port 45862 [preauth]
May 31 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9335]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9334]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9332]: pam_unix(cron:session): session closed for user p13x
May 31 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9391]: Successful su for rubyman by root
May 31 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9391]: + ??? root:rubyman
May 31 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428638 of user rubyman.
May 31 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9391]: pam_unix(su:session): session closed for user rubyman
May 31 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428638.
May 31 10:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6695]: pam_unix(cron:session): session closed for user root
May 31 10:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9333]: pam_unix(cron:session): session closed for user samftp
May 31 10:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8487]: pam_unix(cron:session): session closed for user root
May 31 10:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9657]: Failed password for root from 202.133.90.219 port 49080 ssh2
May 31 10:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9657]: Connection closed by 202.133.90.219 port 49080 [preauth]
May 31 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9719]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9718]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9720]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9717]: pam_unix(cron:session): session closed for user p13x
May 31 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9781]: Successful su for rubyman by root
May 31 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9781]: + ??? root:rubyman
May 31 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428641 of user rubyman.
May 31 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9781]: pam_unix(su:session): session closed for user rubyman
May 31 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428641.
May 31 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7204]: pam_unix(cron:session): session closed for user root
May 31 10:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9718]: pam_unix(cron:session): session closed for user samftp
May 31 10:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8922]: pam_unix(cron:session): session closed for user root
May 31 10:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Failed password for root from 202.133.90.219 port 41682 ssh2
May 31 10:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Connection closed by 202.133.90.219 port 41682 [preauth]
May 31 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10384]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10383]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10379]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10381]: pam_unix(cron:session): session closed for user p13x
May 31 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10485]: Successful su for rubyman by root
May 31 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10485]: + ??? root:rubyman
May 31 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428647 of user rubyman.
May 31 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10485]: pam_unix(su:session): session closed for user rubyman
May 31 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428647.
May 31 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10379]: pam_unix(cron:session): session closed for user root
May 31 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7613]: pam_unix(cron:session): session closed for user root
May 31 10:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10382]: pam_unix(cron:session): session closed for user samftp
May 31 10:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9335]: pam_unix(cron:session): session closed for user root
May 31 10:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: Invalid user node from 80.94.92.182
May 31 10:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: input_userauth_request: invalid user node [preauth]
May 31 10:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 10:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: Failed password for root from 202.133.90.219 port 33616 ssh2
May 31 10:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: Connection closed by 202.133.90.219 port 33616 [preauth]
May 31 10:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: Failed password for invalid user node from 80.94.92.182 port 37214 ssh2
May 31 10:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: Connection closed by 80.94.92.182 port 37214 [preauth]
May 31 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10905]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10907]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10906]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10904]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10907]: pam_unix(cron:session): session closed for user root
May 31 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10902]: pam_unix(cron:session): session closed for user p13x
May 31 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10973]: Successful su for rubyman by root
May 31 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10973]: + ??? root:rubyman
May 31 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428653 of user rubyman.
May 31 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10973]: pam_unix(su:session): session closed for user rubyman
May 31 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428653.
May 31 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10904]: pam_unix(cron:session): session closed for user root
May 31 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8087]: pam_unix(cron:session): session closed for user root
May 31 10:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10903]: pam_unix(cron:session): session closed for user samftp
May 31 10:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11200]: Did not receive identification string from 111.26.6.111
May 31 10:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9720]: pam_unix(cron:session): session closed for user root
May 31 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: Failed password for root from 202.133.90.219 port 48716 ssh2
May 31 10:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: Connection closed by 202.133.90.219 port 48716 [preauth]
May 31 10:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
May 31 10:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11338]: Failed password for root from 103.27.238.114 port 50308 ssh2
May 31 10:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11338]: Connection closed by 103.27.238.114 port 50308 [preauth]
May 31 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11352]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11353]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11350]: pam_unix(cron:session): session closed for user p13x
May 31 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11423]: Successful su for rubyman by root
May 31 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11423]: + ??? root:rubyman
May 31 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428659 of user rubyman.
May 31 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11423]: pam_unix(su:session): session closed for user rubyman
May 31 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428659.
May 31 10:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8485]: pam_unix(cron:session): session closed for user root
May 31 10:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11351]: pam_unix(cron:session): session closed for user samftp
May 31 10:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.98.239  user=root
May 31 10:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: Failed password for root from 94.159.98.239 port 52106 ssh2
May 31 10:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: Connection closed by 94.159.98.239 port 52106 [preauth]
May 31 10:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10384]: pam_unix(cron:session): session closed for user root
May 31 10:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: Failed password for root from 202.133.90.219 port 55036 ssh2
May 31 10:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: Connection closed by 202.133.90.219 port 55036 [preauth]
May 31 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11783]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11784]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11781]: pam_unix(cron:session): session closed for user p13x
May 31 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11860]: Successful su for rubyman by root
May 31 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11860]: + ??? root:rubyman
May 31 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428660 of user rubyman.
May 31 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11860]: pam_unix(su:session): session closed for user rubyman
May 31 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428660.
May 31 10:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8921]: pam_unix(cron:session): session closed for user root
May 31 10:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11782]: pam_unix(cron:session): session closed for user samftp
May 31 10:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10906]: pam_unix(cron:session): session closed for user root
May 31 10:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12164]: Failed password for root from 202.133.90.219 port 51246 ssh2
May 31 10:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12164]: Connection closed by 202.133.90.219 port 51246 [preauth]
May 31 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12231]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12232]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12229]: pam_unix(cron:session): session closed for user p13x
May 31 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12409]: Successful su for rubyman by root
May 31 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12409]: + ??? root:rubyman
May 31 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428666 of user rubyman.
May 31 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12409]: pam_unix(su:session): session closed for user rubyman
May 31 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428666.
May 31 10:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9334]: pam_unix(cron:session): session closed for user root
May 31 10:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12230]: pam_unix(cron:session): session closed for user samftp
May 31 10:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.22.41  user=root
May 31 10:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11353]: pam_unix(cron:session): session closed for user root
May 31 10:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12658]: Failed password for root from 185.236.22.41 port 36236 ssh2
May 31 10:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12658]: Connection closed by 185.236.22.41 port 36236 [preauth]
May 31 10:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: Failed password for root from 202.133.90.219 port 33242 ssh2
May 31 10:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: Connection closed by 202.133.90.219 port 33242 [preauth]
May 31 10:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: Invalid user firedancer from 80.94.92.182
May 31 10:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: input_userauth_request: invalid user firedancer [preauth]
May 31 10:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 10:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: Failed password for invalid user firedancer from 80.94.92.182 port 39964 ssh2
May 31 10:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: Connection closed by 80.94.92.182 port 39964 [preauth]
May 31 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12761]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12760]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12758]: pam_unix(cron:session): session closed for user p13x
May 31 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12820]: Successful su for rubyman by root
May 31 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12820]: + ??? root:rubyman
May 31 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428669 of user rubyman.
May 31 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12820]: pam_unix(su:session): session closed for user rubyman
May 31 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428669.
May 31 10:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9719]: pam_unix(cron:session): session closed for user root
May 31 10:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12759]: pam_unix(cron:session): session closed for user samftp
May 31 10:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11784]: pam_unix(cron:session): session closed for user root
May 31 10:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13099]: Failed password for root from 202.133.90.219 port 54970 ssh2
May 31 10:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13099]: Connection closed by 202.133.90.219 port 54970 [preauth]
May 31 10:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13145]: Invalid user manager from 185.156.73.233
May 31 10:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13145]: input_userauth_request: invalid user manager [preauth]
May 31 10:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13145]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 10:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13145]: Failed password for invalid user manager from 185.156.73.233 port 23354 ssh2
May 31 10:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13145]: Connection closed by 185.156.73.233 port 23354 [preauth]
May 31 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13186]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13187]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13185]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13184]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13187]: pam_unix(cron:session): session closed for user root
May 31 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13182]: pam_unix(cron:session): session closed for user p13x
May 31 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13250]: Successful su for rubyman by root
May 31 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13250]: + ??? root:rubyman
May 31 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428673 of user rubyman.
May 31 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13250]: pam_unix(su:session): session closed for user rubyman
May 31 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428673.
May 31 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13184]: pam_unix(cron:session): session closed for user root
May 31 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10383]: pam_unix(cron:session): session closed for user root
May 31 10:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13183]: pam_unix(cron:session): session closed for user samftp
May 31 10:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12232]: pam_unix(cron:session): session closed for user root
May 31 10:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13513]: Failed password for root from 202.133.90.219 port 51326 ssh2
May 31 10:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13513]: Connection closed by 202.133.90.219 port 51326 [preauth]
May 31 10:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
May 31 10:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
May 31 10:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13583]: Failed password for root from 103.27.238.120 port 49624 ssh2
May 31 10:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Failed password for root from 103.27.238.116 port 44550 ssh2
May 31 10:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13583]: Connection closed by 103.27.238.120 port 49624 [preauth]
May 31 10:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Connection closed by 103.27.238.116 port 44550 [preauth]
May 31 10:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13609]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13608]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13607]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13606]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13606]: pam_unix(cron:session): session closed for user p13x
May 31 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13669]: Successful su for rubyman by root
May 31 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13669]: + ??? root:rubyman
May 31 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428678 of user rubyman.
May 31 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13669]: pam_unix(su:session): session closed for user rubyman
May 31 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428678.
May 31 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: Invalid user kang from 67.207.84.8
May 31 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: input_userauth_request: invalid user kang [preauth]
May 31 10:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.207.84.8
May 31 10:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10905]: pam_unix(cron:session): session closed for user root
May 31 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: Failed password for invalid user kang from 67.207.84.8 port 41730 ssh2
May 31 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13607]: pam_unix(cron:session): session closed for user samftp
May 31 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: Connection closed by 67.207.84.8 port 41730 [preauth]
May 31 10:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.228.128.84  user=root
May 31 10:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13916]: Failed password for root from 193.228.128.84 port 50934 ssh2
May 31 10:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13916]: Connection closed by 193.228.128.84 port 50934 [preauth]
May 31 10:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12761]: pam_unix(cron:session): session closed for user root
May 31 10:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: Failed password for root from 202.133.90.219 port 53882 ssh2
May 31 10:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: Connection closed by 202.133.90.219 port 53882 [preauth]
May 31 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14026]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14025]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14021]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14021]: pam_unix(cron:session): session closed for user root
May 31 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14023]: pam_unix(cron:session): session closed for user p13x
May 31 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14083]: Successful su for rubyman by root
May 31 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14083]: + ??? root:rubyman
May 31 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428682 of user rubyman.
May 31 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14083]: pam_unix(su:session): session closed for user rubyman
May 31 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428682.
May 31 10:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11352]: pam_unix(cron:session): session closed for user root
May 31 10:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14024]: pam_unix(cron:session): session closed for user samftp
May 31 10:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: Failed password for root from 202.133.90.219 port 52986 ssh2
May 31 10:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: Connection closed by 202.133.90.219 port 52986 [preauth]
May 31 10:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13186]: pam_unix(cron:session): session closed for user root
May 31 10:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.128.77.56  user=root
May 31 10:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: Failed password for root from 34.128.77.56 port 41890 ssh2
May 31 10:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: Received disconnect from 34.128.77.56 port 41890:11: Bye Bye [preauth]
May 31 10:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: Disconnected from 34.128.77.56 port 41890 [preauth]
May 31 10:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: Invalid user ubuntu from 80.94.92.182
May 31 10:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: input_userauth_request: invalid user ubuntu [preauth]
May 31 10:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 10:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: Failed password for invalid user ubuntu from 80.94.92.182 port 42650 ssh2
May 31 10:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: Connection closed by 80.94.92.182 port 42650 [preauth]
May 31 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14407]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14404]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14406]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14404]: pam_unix(cron:session): session closed for user p13x
May 31 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14467]: Successful su for rubyman by root
May 31 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14467]: + ??? root:rubyman
May 31 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428687 of user rubyman.
May 31 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14467]: pam_unix(su:session): session closed for user rubyman
May 31 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428687.
May 31 10:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11783]: pam_unix(cron:session): session closed for user root
May 31 10:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14405]: pam_unix(cron:session): session closed for user samftp
May 31 10:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138  user=root
May 31 10:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: Failed password for root from 42.51.13.138 port 43584 ssh2
May 31 10:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: Received disconnect from 42.51.13.138 port 43584:11: Bye Bye [preauth]
May 31 10:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: Disconnected from 42.51.13.138 port 43584 [preauth]
May 31 10:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14730]: Failed password for root from 202.133.90.219 port 46382 ssh2
May 31 10:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14730]: Connection closed by 202.133.90.219 port 46382 [preauth]
May 31 10:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13609]: pam_unix(cron:session): session closed for user root
May 31 10:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.81.139.214  user=root
May 31 10:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14807]: Failed password for root from 124.81.139.214 port 52780 ssh2
May 31 10:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14807]: Received disconnect from 124.81.139.214 port 52780:11: Bye Bye [preauth]
May 31 10:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14807]: Disconnected from 124.81.139.214 port 52780 [preauth]
May 31 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14892]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14891]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14890]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14889]: pam_unix(cron:session): session closed for user p13x
May 31 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14950]: Successful su for rubyman by root
May 31 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14950]: + ??? root:rubyman
May 31 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14950]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428691 of user rubyman.
May 31 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14950]: pam_unix(su:session): session closed for user rubyman
May 31 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428691.
May 31 10:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12231]: pam_unix(cron:session): session closed for user root
May 31 10:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14890]: pam_unix(cron:session): session closed for user samftp
May 31 10:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: Failed password for root from 202.133.90.219 port 39942 ssh2
May 31 10:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: Connection closed by 202.133.90.219 port 39942 [preauth]
May 31 10:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14026]: pam_unix(cron:session): session closed for user root
May 31 10:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.50.90  user=root
May 31 10:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15247]: Failed password for root from 182.93.50.90 port 36668 ssh2
May 31 10:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15247]: Received disconnect from 182.93.50.90 port 36668:11: Bye Bye [preauth]
May 31 10:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15247]: Disconnected from 182.93.50.90 port 36668 [preauth]
May 31 10:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
May 31 10:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: Failed password for root from 103.82.20.28 port 48558 ssh2
May 31 10:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: Connection closed by 103.82.20.28 port 48558 [preauth]
May 31 10:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15292]: Invalid user user from 197.5.145.150
May 31 10:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15292]: input_userauth_request: invalid user user [preauth]
May 31 10:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15292]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.150
May 31 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15307]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15305]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15308]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15306]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15308]: pam_unix(cron:session): session closed for user root
May 31 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15303]: pam_unix(cron:session): session closed for user p13x
May 31 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15292]: Failed password for invalid user user from 197.5.145.150 port 54798 ssh2
May 31 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15292]: Received disconnect from 197.5.145.150 port 54798:11: Bye Bye [preauth]
May 31 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15292]: Disconnected from 197.5.145.150 port 54798 [preauth]
May 31 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15368]: Successful su for rubyman by root
May 31 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15368]: + ??? root:rubyman
May 31 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15368]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428695 of user rubyman.
May 31 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15368]: pam_unix(su:session): session closed for user rubyman
May 31 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428695.
May 31 10:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12760]: pam_unix(cron:session): session closed for user root
May 31 10:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15305]: pam_unix(cron:session): session closed for user root
May 31 10:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: Invalid user test from 20.244.18.126
May 31 10:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: input_userauth_request: invalid user test [preauth]
May 31 10:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.244.18.126
May 31 10:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15304]: pam_unix(cron:session): session closed for user samftp
May 31 10:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: Failed password for invalid user test from 20.244.18.126 port 50382 ssh2
May 31 10:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: Received disconnect from 20.244.18.126 port 50382:11: Bye Bye [preauth]
May 31 10:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: Disconnected from 20.244.18.126 port 50382 [preauth]
May 31 10:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: Failed password for root from 202.133.90.219 port 50246 ssh2
May 31 10:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: Connection closed by 202.133.90.219 port 50246 [preauth]
May 31 10:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14407]: pam_unix(cron:session): session closed for user root
May 31 10:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15722]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15719]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15721]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15720]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15719]: pam_unix(cron:session): session closed for user p13x
May 31 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.210.77.100  user=root
May 31 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15784]: Successful su for rubyman by root
May 31 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15784]: + ??? root:rubyman
May 31 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428702 of user rubyman.
May 31 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15784]: pam_unix(su:session): session closed for user rubyman
May 31 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428702.
May 31 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: Failed password for root from 187.210.77.100 port 36840 ssh2
May 31 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: Received disconnect from 187.210.77.100 port 36840:11: Bye Bye [preauth]
May 31 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: Disconnected from 187.210.77.100 port 36840 [preauth]
May 31 10:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13185]: pam_unix(cron:session): session closed for user root
May 31 10:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15720]: pam_unix(cron:session): session closed for user samftp
May 31 10:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15995]: Failed password for root from 202.133.90.219 port 57808 ssh2
May 31 10:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15995]: Connection closed by 202.133.90.219 port 57808 [preauth]
May 31 10:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14892]: pam_unix(cron:session): session closed for user root
May 31 10:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.226.237.238  user=root
May 31 10:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16086]: Failed password for root from 138.226.237.238 port 54758 ssh2
May 31 10:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16086]: Received disconnect from 138.226.237.238 port 54758:11: Bye Bye [preauth]
May 31 10:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16086]: Disconnected from 138.226.237.238 port 54758 [preauth]
May 31 10:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: Invalid user ubuntu from 80.94.92.182
May 31 10:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: input_userauth_request: invalid user ubuntu [preauth]
May 31 10:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: Failed password for invalid user ubuntu from 80.94.92.182 port 45342 ssh2
May 31 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16118]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16116]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16117]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16115]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16115]: pam_unix(cron:session): session closed for user p13x
May 31 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16175]: Successful su for rubyman by root
May 31 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16175]: + ??? root:rubyman
May 31 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428706 of user rubyman.
May 31 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16175]: pam_unix(su:session): session closed for user rubyman
May 31 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428706.
May 31 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: Connection closed by 80.94.92.182 port 45342 [preauth]
May 31 10:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13608]: pam_unix(cron:session): session closed for user root
May 31 10:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16116]: pam_unix(cron:session): session closed for user samftp
May 31 10:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
May 31 10:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16353]: Invalid user n8n from 95.85.226.199
May 31 10:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16353]: input_userauth_request: invalid user n8n [preauth]
May 31 10:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16353]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.226.199
May 31 10:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: Failed password for root from 103.153.68.219 port 59322 ssh2
May 31 10:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: Connection closed by 103.153.68.219 port 59322 [preauth]
May 31 10:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16353]: Failed password for invalid user n8n from 95.85.226.199 port 55394 ssh2
May 31 10:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16353]: Received disconnect from 95.85.226.199 port 55394:11: Bye Bye [preauth]
May 31 10:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16353]: Disconnected from 95.85.226.199 port 55394 [preauth]
May 31 10:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.150  user=root
May 31 10:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16386]: Failed password for root from 197.5.145.150 port 54724 ssh2
May 31 10:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16386]: Received disconnect from 197.5.145.150 port 54724:11: Bye Bye [preauth]
May 31 10:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16386]: Disconnected from 197.5.145.150 port 54724 [preauth]
May 31 10:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: Failed password for root from 202.133.90.219 port 43312 ssh2
May 31 10:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: Connection closed by 202.133.90.219 port 43312 [preauth]
May 31 10:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15307]: pam_unix(cron:session): session closed for user root
May 31 10:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: Invalid user jacobi from 213.209.159.56
May 31 10:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: input_userauth_request: invalid user jacobi [preauth]
May 31 10:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 10:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: Failed password for invalid user jacobi from 213.209.159.56 port 44283 ssh2
May 31 10:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: Failed password for invalid user jacobi from 213.209.159.56 port 44283 ssh2
May 31 10:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: Failed password for invalid user jacobi from 213.209.159.56 port 44283 ssh2
May 31 10:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: Failed password for invalid user jacobi from 213.209.159.56 port 44283 ssh2
May 31 10:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: Failed password for invalid user jacobi from 213.209.159.56 port 44283 ssh2
May 31 10:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: Received disconnect from 213.209.159.56 port 44283:11: Bye [preauth]
May 31 10:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: Disconnected from 213.209.159.56 port 44283 [preauth]
May 31 10:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 10:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 10:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.150  user=root
May 31 10:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16489]: Failed password for root from 197.5.145.150 port 34974 ssh2
May 31 10:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16489]: Received disconnect from 197.5.145.150 port 34974:11: Bye Bye [preauth]
May 31 10:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16489]: Disconnected from 197.5.145.150 port 34974 [preauth]
May 31 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16517]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16516]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session closed for user p13x
May 31 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16571]: Successful su for rubyman by root
May 31 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16571]: + ??? root:rubyman
May 31 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428709 of user rubyman.
May 31 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16571]: pam_unix(su:session): session closed for user rubyman
May 31 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428709.
May 31 10:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14025]: pam_unix(cron:session): session closed for user root
May 31 10:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session closed for user samftp
May 31 10:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: Invalid user developer from 197.5.145.150
May 31 10:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: input_userauth_request: invalid user developer [preauth]
May 31 10:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.150
May 31 10:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: Failed password for invalid user developer from 197.5.145.150 port 40166 ssh2
May 31 10:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: Received disconnect from 197.5.145.150 port 40166:11: Bye Bye [preauth]
May 31 10:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: Disconnected from 197.5.145.150 port 40166 [preauth]
May 31 10:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16780]: Failed password for root from 202.133.90.219 port 47276 ssh2
May 31 10:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16780]: Connection closed by 202.133.90.219 port 47276 [preauth]
May 31 10:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15722]: pam_unix(cron:session): session closed for user root
May 31 10:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.150  user=root
May 31 10:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
May 31 10:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Failed password for root from 197.5.145.150 port 39768 ssh2
May 31 10:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Received disconnect from 197.5.145.150 port 39768:11: Bye Bye [preauth]
May 31 10:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Disconnected from 197.5.145.150 port 39768 [preauth]
May 31 10:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16870]: Failed password for root from 37.233.85.71 port 42960 ssh2
May 31 10:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16870]: Connection closed by 37.233.85.71 port 42960 [preauth]
May 31 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16903]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16904]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16901]: pam_unix(cron:session): session closed for user p13x
May 31 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16961]: Successful su for rubyman by root
May 31 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16961]: + ??? root:rubyman
May 31 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428715 of user rubyman.
May 31 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16961]: pam_unix(su:session): session closed for user rubyman
May 31 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428715.
May 31 10:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14406]: pam_unix(cron:session): session closed for user root
May 31 10:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16902]: pam_unix(cron:session): session closed for user samftp
May 31 10:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: Invalid user lawrence from 197.5.145.150
May 31 10:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: input_userauth_request: invalid user lawrence [preauth]
May 31 10:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.150
May 31 10:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: Failed password for invalid user lawrence from 197.5.145.150 port 50792 ssh2
May 31 10:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: Received disconnect from 197.5.145.150 port 50792:11: Bye Bye [preauth]
May 31 10:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: Disconnected from 197.5.145.150 port 50792 [preauth]
May 31 10:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Failed password for root from 202.133.90.219 port 34286 ssh2
May 31 10:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Connection closed by 202.133.90.219 port 34286 [preauth]
May 31 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16118]: pam_unix(cron:session): session closed for user root
May 31 10:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17237]: Invalid user n8n from 197.5.145.150
May 31 10:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17237]: input_userauth_request: invalid user n8n [preauth]
May 31 10:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17237]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.150
May 31 10:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17237]: Failed password for invalid user n8n from 197.5.145.150 port 38440 ssh2
May 31 10:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17237]: Received disconnect from 197.5.145.150 port 38440:11: Bye Bye [preauth]
May 31 10:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17237]: Disconnected from 197.5.145.150 port 38440 [preauth]
May 31 10:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: Invalid user ubnt from 80.94.95.116
May 31 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: input_userauth_request: invalid user ubnt [preauth]
May 31 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May 31 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17307]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17303]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17306]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17304]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17307]: pam_unix(cron:session): session closed for user root
May 31 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17301]: pam_unix(cron:session): session closed for user p13x
May 31 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17372]: Successful su for rubyman by root
May 31 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17372]: + ??? root:rubyman
May 31 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17372]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428719 of user rubyman.
May 31 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17372]: pam_unix(su:session): session closed for user rubyman
May 31 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428719.
May 31 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: Failed password for invalid user ubnt from 80.94.95.116 port 30838 ssh2
May 31 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: Connection closed by 80.94.95.116 port 30838 [preauth]
May 31 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14891]: pam_unix(cron:session): session closed for user root
May 31 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17303]: pam_unix(cron:session): session closed for user root
May 31 10:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
May 31 10:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: Invalid user test from 197.5.145.150
May 31 10:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: input_userauth_request: invalid user test [preauth]
May 31 10:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.150
May 31 10:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17302]: pam_unix(cron:session): session closed for user samftp
May 31 10:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: Failed password for root from 147.45.211.215 port 55686 ssh2
May 31 10:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: Connection closed by 147.45.211.215 port 55686 [preauth]
May 31 10:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: Failed password for invalid user test from 197.5.145.150 port 55726 ssh2
May 31 10:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: Received disconnect from 197.5.145.150 port 55726:11: Bye Bye [preauth]
May 31 10:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: Disconnected from 197.5.145.150 port 55726 [preauth]
May 31 10:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
May 31 10:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17610]: Failed password for root from 202.133.90.219 port 35564 ssh2
May 31 10:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17610]: Connection closed by 202.133.90.219 port 35564 [preauth]
May 31 10:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17632]: Failed password for root from 89.223.69.22 port 53442 ssh2
May 31 10:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17632]: Connection closed by 89.223.69.22 port 53442 [preauth]
May 31 10:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16517]: pam_unix(cron:session): session closed for user root
May 31 10:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.150  user=root
May 31 10:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: Failed password for root from 197.5.145.150 port 49832 ssh2
May 31 10:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: Received disconnect from 197.5.145.150 port 49832:11: Bye Bye [preauth]
May 31 10:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: Disconnected from 197.5.145.150 port 49832 [preauth]
May 31 10:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17803]: Invalid user raydium from 80.94.92.182
May 31 10:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17803]: input_userauth_request: invalid user raydium [preauth]
May 31 10:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17803]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 10:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17803]: Failed password for invalid user raydium from 80.94.92.182 port 48028 ssh2
May 31 10:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17803]: Connection closed by 80.94.92.182 port 48028 [preauth]
May 31 10:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.150  user=root
May 31 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17831]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17830]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17826]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17826]: pam_unix(cron:session): session closed for user p13x
May 31 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17902]: Successful su for rubyman by root
May 31 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17902]: + ??? root:rubyman
May 31 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428723 of user rubyman.
May 31 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17902]: pam_unix(su:session): session closed for user rubyman
May 31 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428723.
May 31 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17823]: Failed password for root from 197.5.145.150 port 38966 ssh2
May 31 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17823]: Received disconnect from 197.5.145.150 port 38966:11: Bye Bye [preauth]
May 31 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17823]: Disconnected from 197.5.145.150 port 38966 [preauth]
May 31 10:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15306]: pam_unix(cron:session): session closed for user root
May 31 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17829]: pam_unix(cron:session): session closed for user samftp
May 31 10:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.190.200.148  user=root
May 31 10:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18098]: Failed password for root from 189.190.200.148 port 32826 ssh2
May 31 10:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18098]: Received disconnect from 189.190.200.148 port 32826:11: Bye Bye [preauth]
May 31 10:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18098]: Disconnected from 189.190.200.148 port 32826 [preauth]
May 31 10:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.150  user=root
May 31 10:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18145]: Failed password for root from 197.5.145.150 port 54036 ssh2
May 31 10:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18145]: Received disconnect from 197.5.145.150 port 54036:11: Bye Bye [preauth]
May 31 10:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18145]: Disconnected from 197.5.145.150 port 54036 [preauth]
May 31 10:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: Failed password for root from 202.133.90.219 port 39488 ssh2
May 31 10:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: Connection closed by 202.133.90.219 port 39488 [preauth]
May 31 10:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16904]: pam_unix(cron:session): session closed for user root
May 31 10:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.150  user=root
May 31 10:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18232]: Failed password for root from 197.5.145.150 port 47054 ssh2
May 31 10:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18232]: Received disconnect from 197.5.145.150 port 47054:11: Bye Bye [preauth]
May 31 10:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18232]: Disconnected from 197.5.145.150 port 47054 [preauth]
May 31 10:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: Invalid user liang from 42.51.13.138
May 31 10:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: input_userauth_request: invalid user liang [preauth]
May 31 10:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138
May 31 10:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: Failed password for invalid user liang from 42.51.13.138 port 46130 ssh2
May 31 10:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: Received disconnect from 42.51.13.138 port 46130:11: Bye Bye [preauth]
May 31 10:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: Disconnected from 42.51.13.138 port 46130 [preauth]
May 31 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18259]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18257]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18255]: pam_unix(cron:session): session closed for user p13x
May 31 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18322]: Successful su for rubyman by root
May 31 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18322]: + ??? root:rubyman
May 31 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18322]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428727 of user rubyman.
May 31 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18322]: pam_unix(su:session): session closed for user rubyman
May 31 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428727.
May 31 10:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15721]: pam_unix(cron:session): session closed for user root
May 31 10:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
May 31 10:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: Failed password for root from 103.77.175.15 port 47664 ssh2
May 31 10:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18256]: pam_unix(cron:session): session closed for user samftp
May 31 10:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: Connection closed by 103.77.175.15 port 47664 [preauth]
May 31 10:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: Invalid user testuser from 197.5.145.150
May 31 10:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: input_userauth_request: invalid user testuser [preauth]
May 31 10:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.150
May 31 10:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: Failed password for invalid user testuser from 197.5.145.150 port 43184 ssh2
May 31 10:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: Received disconnect from 197.5.145.150 port 43184:11: Bye Bye [preauth]
May 31 10:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: Disconnected from 197.5.145.150 port 43184 [preauth]
May 31 10:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: Failed password for root from 202.133.90.219 port 35964 ssh2
May 31 10:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: Connection closed by 202.133.90.219 port 35964 [preauth]
May 31 10:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17306]: pam_unix(cron:session): session closed for user root
May 31 10:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18698]: Invalid user admin from 34.128.77.56
May 31 10:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18698]: input_userauth_request: invalid user admin [preauth]
May 31 10:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18698]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.128.77.56
May 31 10:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18698]: Failed password for invalid user admin from 34.128.77.56 port 57120 ssh2
May 31 10:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18698]: Received disconnect from 34.128.77.56 port 57120:11: Bye Bye [preauth]
May 31 10:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18698]: Disconnected from 34.128.77.56 port 57120 [preauth]
May 31 10:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18700]: Received disconnect from 102.129.186.123 port 44410:11: disconnected by user [preauth]
May 31 10:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18700]: Disconnected from 102.129.186.123 port 44410 [preauth]
May 31 10:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: User www-data from 197.5.145.150 not allowed because not listed in AllowUsers
May 31 10:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: input_userauth_request: invalid user www-data [preauth]
May 31 10:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.150  user=www-data
May 31 10:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: Failed password for invalid user www-data from 197.5.145.150 port 56520 ssh2
May 31 10:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: Received disconnect from 197.5.145.150 port 56520:11: Bye Bye [preauth]
May 31 10:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: Disconnected from 197.5.145.150 port 56520 [preauth]
May 31 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18766]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18768]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18764]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18767]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18764]: pam_unix(cron:session): session closed for user p13x
May 31 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18840]: Successful su for rubyman by root
May 31 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18840]: + ??? root:rubyman
May 31 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428732 of user rubyman.
May 31 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18840]: pam_unix(su:session): session closed for user rubyman
May 31 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428732.
May 31 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16117]: pam_unix(cron:session): session closed for user root
May 31 10:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.150  user=root
May 31 10:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18927]: Failed password for root from 197.5.145.150 port 34860 ssh2
May 31 10:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18766]: pam_unix(cron:session): session closed for user samftp
May 31 10:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18927]: Received disconnect from 197.5.145.150 port 34860:11: Bye Bye [preauth]
May 31 10:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18927]: Disconnected from 197.5.145.150 port 34860 [preauth]
May 31 10:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.81.139.214  user=root
May 31 10:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.226.199  user=root
May 31 10:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19015]: Failed password for root from 124.81.139.214 port 33754 ssh2
May 31 10:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19015]: Received disconnect from 124.81.139.214 port 33754:11: Bye Bye [preauth]
May 31 10:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19015]: Disconnected from 124.81.139.214 port 33754 [preauth]
May 31 10:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19029]: Failed password for root from 95.85.226.199 port 37844 ssh2
May 31 10:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19029]: Received disconnect from 95.85.226.199 port 37844:11: Bye Bye [preauth]
May 31 10:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19029]: Disconnected from 95.85.226.199 port 37844 [preauth]
May 31 10:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19060]: Failed password for root from 202.133.90.219 port 45190 ssh2
May 31 10:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19060]: Connection closed by 202.133.90.219 port 45190 [preauth]
May 31 10:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17831]: pam_unix(cron:session): session closed for user root
May 31 10:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19111]: Received disconnect from 51.81.85.130 port 53580:11: disconnected by user [preauth]
May 31 10:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19111]: Disconnected from 51.81.85.130 port 53580 [preauth]
May 31 10:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.244.18.126  user=root
May 31 10:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: Failed password for root from 20.244.18.126 port 45836 ssh2
May 31 10:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: Received disconnect from 20.244.18.126 port 45836:11: Bye Bye [preauth]
May 31 10:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: Disconnected from 20.244.18.126 port 45836 [preauth]
May 31 10:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: Invalid user test from 138.226.237.238
May 31 10:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: input_userauth_request: invalid user test [preauth]
May 31 10:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.226.237.238
May 31 10:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.63.178  user=root
May 31 10:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: Failed password for invalid user test from 138.226.237.238 port 48744 ssh2
May 31 10:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: Received disconnect from 138.226.237.238 port 48744:11: Bye Bye [preauth]
May 31 10:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: Disconnected from 138.226.237.238 port 48744 [preauth]
May 31 10:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19232]: Failed password for root from 62.133.63.178 port 49018 ssh2
May 31 10:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19232]: Connection closed by 62.133.63.178 port 49018 [preauth]
May 31 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19287]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19289]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19285]: pam_unix(cron:session): session closed for user p13x
May 31 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19345]: Successful su for rubyman by root
May 31 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19345]: + ??? root:rubyman
May 31 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428735 of user rubyman.
May 31 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19345]: pam_unix(su:session): session closed for user rubyman
May 31 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428735.
May 31 10:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16516]: pam_unix(cron:session): session closed for user root
May 31 10:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19286]: pam_unix(cron:session): session closed for user samftp
May 31 10:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.190.200.148  user=root
May 31 10:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19758]: Failed password for root from 202.133.90.219 port 48310 ssh2
May 31 10:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: Failed password for root from 189.190.200.148 port 42540 ssh2
May 31 10:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: Received disconnect from 189.190.200.148 port 42540:11: Bye Bye [preauth]
May 31 10:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: Disconnected from 189.190.200.148 port 42540 [preauth]
May 31 10:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: User www-data from 95.85.226.199 not allowed because not listed in AllowUsers
May 31 10:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: input_userauth_request: invalid user www-data [preauth]
May 31 10:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.226.199  user=www-data
May 31 10:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19758]: Connection closed by 202.133.90.219 port 48310 [preauth]
May 31 10:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Failed password for invalid user www-data from 95.85.226.199 port 52854 ssh2
May 31 10:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Received disconnect from 95.85.226.199 port 52854:11: Bye Bye [preauth]
May 31 10:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Disconnected from 95.85.226.199 port 52854 [preauth]
May 31 10:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.128.77.56  user=root
May 31 10:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19798]: Failed password for root from 34.128.77.56 port 58316 ssh2
May 31 10:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19798]: Received disconnect from 34.128.77.56 port 58316:11: Bye Bye [preauth]
May 31 10:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19798]: Disconnected from 34.128.77.56 port 58316 [preauth]
May 31 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18259]: pam_unix(cron:session): session closed for user root
May 31 10:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.81.139.214  user=root
May 31 10:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19848]: Invalid user jibs from 80.94.92.182
May 31 10:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19848]: input_userauth_request: invalid user jibs [preauth]
May 31 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19846]: Failed password for root from 124.81.139.214 port 33880 ssh2
May 31 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19848]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19846]: Received disconnect from 124.81.139.214 port 33880:11: Bye Bye [preauth]
May 31 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19846]: Disconnected from 124.81.139.214 port 33880 [preauth]
May 31 10:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19848]: Failed password for invalid user jibs from 80.94.92.182 port 50732 ssh2
May 31 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19848]: Connection closed by 80.94.92.182 port 50732 [preauth]
May 31 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19916]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19917]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19914]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19915]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19917]: pam_unix(cron:session): session closed for user root
May 31 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19912]: pam_unix(cron:session): session closed for user p13x
May 31 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19982]: Successful su for rubyman by root
May 31 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19982]: + ??? root:rubyman
May 31 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428739 of user rubyman.
May 31 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19982]: pam_unix(su:session): session closed for user rubyman
May 31 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428739.
May 31 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16903]: pam_unix(cron:session): session closed for user root
May 31 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19914]: pam_unix(cron:session): session closed for user root
May 31 10:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19913]: pam_unix(cron:session): session closed for user samftp
May 31 10:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.244.18.126  user=root
May 31 10:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: Failed password for root from 20.244.18.126 port 35476 ssh2
May 31 10:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: Received disconnect from 20.244.18.126 port 35476:11: Bye Bye [preauth]
May 31 10:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: Disconnected from 20.244.18.126 port 35476 [preauth]
May 31 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.226.237.238  user=root
May 31 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20280]: Failed password for root from 138.226.237.238 port 35058 ssh2
May 31 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20280]: Received disconnect from 138.226.237.238 port 35058:11: Bye Bye [preauth]
May 31 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20280]: Disconnected from 138.226.237.238 port 35058 [preauth]
May 31 10:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
May 31 10:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: Failed password for root from 87.251.79.125 port 35600 ssh2
May 31 10:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: Connection closed by 87.251.79.125 port 35600 [preauth]
May 31 10:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20315]: Failed password for root from 202.133.90.219 port 36458 ssh2
May 31 10:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20315]: Connection closed by 202.133.90.219 port 36458 [preauth]
May 31 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18768]: pam_unix(cron:session): session closed for user root
May 31 10:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.226.199  user=root
May 31 10:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: Failed password for root from 95.85.226.199 port 33784 ssh2
May 31 10:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: Received disconnect from 95.85.226.199 port 33784:11: Bye Bye [preauth]
May 31 10:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: Disconnected from 95.85.226.199 port 33784 [preauth]
May 31 10:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: Invalid user testuser from 189.190.200.148
May 31 10:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: input_userauth_request: invalid user testuser [preauth]
May 31 10:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.190.200.148
May 31 10:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: Failed password for invalid user testuser from 189.190.200.148 port 58150 ssh2
May 31 10:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: Received disconnect from 189.190.200.148 port 58150:11: Bye Bye [preauth]
May 31 10:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: Disconnected from 189.190.200.148 port 58150 [preauth]
May 31 10:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: Connection closed by 194.59.206.2 port 59502 [preauth]
May 31 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20459]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20458]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20452]: pam_unix(cron:session): session closed for user p13x
May 31 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20524]: Successful su for rubyman by root
May 31 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20524]: + ??? root:rubyman
May 31 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428747 of user rubyman.
May 31 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20524]: pam_unix(su:session): session closed for user rubyman
May 31 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428747.
May 31 10:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17304]: pam_unix(cron:session): session closed for user root
May 31 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20453]: pam_unix(cron:session): session closed for user samftp
May 31 10:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Invalid user user from 124.81.139.214
May 31 10:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: input_userauth_request: invalid user user [preauth]
May 31 10:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.81.139.214
May 31 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Failed password for invalid user user from 124.81.139.214 port 50004 ssh2
May 31 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Received disconnect from 124.81.139.214 port 50004:11: Bye Bye [preauth]
May 31 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Disconnected from 124.81.139.214 port 50004 [preauth]
May 31 10:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.128.77.56  user=root
May 31 10:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20833]: Failed password for root from 34.128.77.56 port 42192 ssh2
May 31 10:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20833]: Received disconnect from 34.128.77.56 port 42192:11: Bye Bye [preauth]
May 31 10:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20833]: Disconnected from 34.128.77.56 port 42192 [preauth]
May 31 10:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20843]: Failed password for root from 202.133.90.219 port 42544 ssh2
May 31 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20843]: Connection closed by 202.133.90.219 port 42544 [preauth]
May 31 10:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: Invalid user testuser from 138.226.237.238
May 31 10:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: input_userauth_request: invalid user testuser [preauth]
May 31 10:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.226.237.238
May 31 10:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: Failed password for invalid user testuser from 138.226.237.238 port 48944 ssh2
May 31 10:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: Received disconnect from 138.226.237.238 port 48944:11: Bye Bye [preauth]
May 31 10:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: Disconnected from 138.226.237.238 port 48944 [preauth]
May 31 10:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19289]: pam_unix(cron:session): session closed for user root
May 31 10:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
May 31 10:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Failed password for root from 194.113.233.25 port 51454 ssh2
May 31 10:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Connection closed by 194.113.233.25 port 51454 [preauth]
May 31 10:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.244.18.126  user=root
May 31 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20933]: Failed password for root from 20.244.18.126 port 52552 ssh2
May 31 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20933]: Received disconnect from 20.244.18.126 port 52552:11: Bye Bye [preauth]
May 31 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20933]: Disconnected from 20.244.18.126 port 52552 [preauth]
May 31 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20968]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20966]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20964]: pam_unix(cron:session): session closed for user p13x
May 31 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21031]: Successful su for rubyman by root
May 31 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21031]: + ??? root:rubyman
May 31 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428749 of user rubyman.
May 31 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21031]: pam_unix(su:session): session closed for user rubyman
May 31 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428749.
May 31 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.226.199  user=root
May 31 10:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17830]: pam_unix(cron:session): session closed for user root
May 31 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: Failed password for root from 95.85.226.199 port 42322 ssh2
May 31 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: Received disconnect from 95.85.226.199 port 42322:11: Bye Bye [preauth]
May 31 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: Disconnected from 95.85.226.199 port 42322 [preauth]
May 31 10:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20965]: pam_unix(cron:session): session closed for user samftp
May 31 10:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.190.200.148  user=root
May 31 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21253]: Failed password for root from 189.190.200.148 port 43922 ssh2
May 31 10:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21253]: Received disconnect from 189.190.200.148 port 43922:11: Bye Bye [preauth]
May 31 10:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21253]: Disconnected from 189.190.200.148 port 43922 [preauth]
May 31 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: Failed password for root from 202.133.90.219 port 40896 ssh2
May 31 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: Connection closed by 202.133.90.219 port 40896 [preauth]
May 31 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19916]: pam_unix(cron:session): session closed for user root
May 31 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.226.237.238  user=root
May 31 10:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: Failed password for root from 138.226.237.238 port 39314 ssh2
May 31 10:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: Received disconnect from 138.226.237.238 port 39314:11: Bye Bye [preauth]
May 31 10:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: Disconnected from 138.226.237.238 port 39314 [preauth]
May 31 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: Invalid user testuser from 124.81.139.214
May 31 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: input_userauth_request: invalid user testuser [preauth]
May 31 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.81.139.214
May 31 10:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: Failed password for invalid user testuser from 124.81.139.214 port 59804 ssh2
May 31 10:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: Received disconnect from 124.81.139.214 port 59804:11: Bye Bye [preauth]
May 31 10:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: Disconnected from 124.81.139.214 port 59804 [preauth]
May 31 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21389]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21388]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21386]: pam_unix(cron:session): session closed for user p13x
May 31 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21449]: Successful su for rubyman by root
May 31 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21449]: + ??? root:rubyman
May 31 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428753 of user rubyman.
May 31 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21449]: pam_unix(su:session): session closed for user rubyman
May 31 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428753.
May 31 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18257]: pam_unix(cron:session): session closed for user root
May 31 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21387]: pam_unix(cron:session): session closed for user samftp
May 31 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.128.77.56  user=root
May 31 10:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: Failed password for root from 34.128.77.56 port 36216 ssh2
May 31 10:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: Received disconnect from 34.128.77.56 port 36216:11: Bye Bye [preauth]
May 31 10:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: Disconnected from 34.128.77.56 port 36216 [preauth]
May 31 10:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: Invalid user testuser from 95.85.226.199
May 31 10:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: input_userauth_request: invalid user testuser [preauth]
May 31 10:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.226.199
May 31 10:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: Invalid user lawrence from 20.244.18.126
May 31 10:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: input_userauth_request: invalid user lawrence [preauth]
May 31 10:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.244.18.126
May 31 10:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: Failed password for invalid user testuser from 95.85.226.199 port 35012 ssh2
May 31 10:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: Received disconnect from 95.85.226.199 port 35012:11: Bye Bye [preauth]
May 31 10:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: Disconnected from 95.85.226.199 port 35012 [preauth]
May 31 10:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: Failed password for invalid user lawrence from 20.244.18.126 port 47842 ssh2
May 31 10:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: Received disconnect from 20.244.18.126 port 47842:11: Bye Bye [preauth]
May 31 10:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: Disconnected from 20.244.18.126 port 47842 [preauth]
May 31 10:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: Failed password for root from 202.133.90.219 port 58908 ssh2
May 31 10:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: Connection closed by 202.133.90.219 port 58908 [preauth]
May 31 10:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20459]: pam_unix(cron:session): session closed for user root
May 31 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21778]: Invalid user admin from 189.190.200.148
May 31 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21778]: input_userauth_request: invalid user admin [preauth]
May 31 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21778]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.190.200.148
May 31 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21778]: Failed password for invalid user admin from 189.190.200.148 port 49342 ssh2
May 31 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21778]: Received disconnect from 189.190.200.148 port 49342:11: Bye Bye [preauth]
May 31 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21778]: Disconnected from 189.190.200.148 port 49342 [preauth]
May 31 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21788]: Invalid user 3d from 80.94.92.182
May 31 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21788]: input_userauth_request: invalid user 3d [preauth]
May 31 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21788]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 10:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.226.237.238  user=root
May 31 10:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21788]: Failed password for invalid user 3d from 80.94.92.182 port 53434 ssh2
May 31 10:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21788]: Connection closed by 80.94.92.182 port 53434 [preauth]
May 31 10:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21791]: Failed password for root from 138.226.237.238 port 56276 ssh2
May 31 10:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21791]: Received disconnect from 138.226.237.238 port 56276:11: Bye Bye [preauth]
May 31 10:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21791]: Disconnected from 138.226.237.238 port 56276 [preauth]
May 31 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21814]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21813]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21812]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21811]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21811]: pam_unix(cron:session): session closed for user p13x
May 31 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21875]: Successful su for rubyman by root
May 31 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21875]: + ??? root:rubyman
May 31 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428757 of user rubyman.
May 31 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21875]: pam_unix(su:session): session closed for user rubyman
May 31 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428757.
May 31 10:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18767]: pam_unix(cron:session): session closed for user root
May 31 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21812]: pam_unix(cron:session): session closed for user samftp
May 31 10:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Invalid user developer from 124.81.139.214
May 31 10:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: input_userauth_request: invalid user developer [preauth]
May 31 10:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.81.139.214
May 31 10:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Failed password for invalid user developer from 124.81.139.214 port 48342 ssh2
May 31 10:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Received disconnect from 124.81.139.214 port 48342:11: Bye Bye [preauth]
May 31 10:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Disconnected from 124.81.139.214 port 48342 [preauth]
May 31 10:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: Failed password for root from 202.133.90.219 port 56464 ssh2
May 31 10:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: Connection closed by 202.133.90.219 port 56464 [preauth]
May 31 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.226.199  user=root
May 31 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20968]: pam_unix(cron:session): session closed for user root
May 31 10:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Failed password for root from 95.85.226.199 port 54752 ssh2
May 31 10:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Received disconnect from 95.85.226.199 port 54752:11: Bye Bye [preauth]
May 31 10:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Disconnected from 95.85.226.199 port 54752 [preauth]
May 31 10:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.128.77.56  user=root
May 31 10:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22200]: Failed password for root from 34.128.77.56 port 53490 ssh2
May 31 10:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22200]: Received disconnect from 34.128.77.56 port 53490:11: Bye Bye [preauth]
May 31 10:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22200]: Disconnected from 34.128.77.56 port 53490 [preauth]
May 31 10:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.244.18.126  user=root
May 31 10:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: User www-data from 138.226.237.238 not allowed because not listed in AllowUsers
May 31 10:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: input_userauth_request: invalid user www-data [preauth]
May 31 10:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.226.237.238  user=www-data
May 31 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22227]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22226]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22228]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22229]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22229]: pam_unix(cron:session): session closed for user root
May 31 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22224]: pam_unix(cron:session): session closed for user p13x
May 31 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22211]: Failed password for root from 20.244.18.126 port 38850 ssh2
May 31 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22211]: Received disconnect from 20.244.18.126 port 38850:11: Bye Bye [preauth]
May 31 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22211]: Disconnected from 20.244.18.126 port 38850 [preauth]
May 31 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22296]: Successful su for rubyman by root
May 31 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22296]: + ??? root:rubyman
May 31 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428763 of user rubyman.
May 31 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22296]: pam_unix(su:session): session closed for user rubyman
May 31 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428763.
May 31 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: Failed password for invalid user www-data from 138.226.237.238 port 35964 ssh2
May 31 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: Received disconnect from 138.226.237.238 port 35964:11: Bye Bye [preauth]
May 31 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: Disconnected from 138.226.237.238 port 35964 [preauth]
May 31 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19287]: pam_unix(cron:session): session closed for user root
May 31 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22226]: pam_unix(cron:session): session closed for user root
May 31 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: Invalid user postmaster from 189.190.200.148
May 31 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: input_userauth_request: invalid user postmaster [preauth]
May 31 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.190.200.148
May 31 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: User sshd from 185.156.73.233 not allowed because not listed in AllowUsers
May 31 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: input_userauth_request: invalid user sshd [preauth]
May 31 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22225]: pam_unix(cron:session): session closed for user samftp
May 31 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: Failed none for invalid user sshd from 185.156.73.233 port 54368 ssh2
May 31 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: Connection closed by 185.156.73.233 port 54368 [preauth]
May 31 10:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: Failed password for invalid user postmaster from 189.190.200.148 port 37624 ssh2
May 31 10:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: Received disconnect from 189.190.200.148 port 37624:11: Bye Bye [preauth]
May 31 10:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: Disconnected from 189.190.200.148 port 37624 [preauth]
May 31 10:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: Invalid user anton from 182.93.50.90
May 31 10:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: input_userauth_request: invalid user anton [preauth]
May 31 10:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.50.90
May 31 10:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: Failed password for invalid user anton from 182.93.50.90 port 48794 ssh2
May 31 10:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: Received disconnect from 182.93.50.90 port 48794:11: Bye Bye [preauth]
May 31 10:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: Disconnected from 182.93.50.90 port 48794 [preauth]
May 31 10:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21389]: pam_unix(cron:session): session closed for user root
May 31 10:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: Failed password for root from 202.133.90.219 port 42236 ssh2
May 31 10:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: Connection closed by 202.133.90.219 port 42236 [preauth]
May 31 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: Invalid user test from 95.85.226.199
May 31 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: input_userauth_request: invalid user test [preauth]
May 31 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.226.199
May 31 10:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: Failed password for invalid user test from 95.85.226.199 port 52662 ssh2
May 31 10:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: Received disconnect from 95.85.226.199 port 52662:11: Bye Bye [preauth]
May 31 10:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: Disconnected from 95.85.226.199 port 52662 [preauth]
May 31 10:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.81.139.214  user=root
May 31 10:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.210.77.100  user=root
May 31 10:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22626]: Failed password for root from 124.81.139.214 port 45792 ssh2
May 31 10:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22626]: Received disconnect from 124.81.139.214 port 45792:11: Bye Bye [preauth]
May 31 10:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22626]: Disconnected from 124.81.139.214 port 45792 [preauth]
May 31 10:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: Failed password for root from 187.210.77.100 port 50790 ssh2
May 31 10:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: Received disconnect from 187.210.77.100 port 50790:11: Bye Bye [preauth]
May 31 10:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: Disconnected from 187.210.77.100 port 50790 [preauth]
May 31 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22658]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22656]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22657]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22655]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22655]: pam_unix(cron:session): session closed for user p13x
May 31 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22720]: Successful su for rubyman by root
May 31 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22720]: + ??? root:rubyman
May 31 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428768 of user rubyman.
May 31 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22720]: pam_unix(su:session): session closed for user rubyman
May 31 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428768.
May 31 10:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19915]: pam_unix(cron:session): session closed for user root
May 31 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22656]: pam_unix(cron:session): session closed for user samftp
May 31 10:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.172.54.111  user=root
May 31 10:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Invalid user user from 138.226.237.238
May 31 10:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: input_userauth_request: invalid user user [preauth]
May 31 10:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.226.237.238
May 31 10:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22903]: Failed password for root from 109.172.54.111 port 38586 ssh2
May 31 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22903]: Connection closed by 109.172.54.111 port 38586 [preauth]
May 31 10:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Failed password for invalid user user from 138.226.237.238 port 41548 ssh2
May 31 10:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Received disconnect from 138.226.237.238 port 41548:11: Bye Bye [preauth]
May 31 10:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Disconnected from 138.226.237.238 port 41548 [preauth]
May 31 10:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.187.90.131  user=root
May 31 10:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: Failed password for root from 173.187.90.131 port 38849 ssh2
May 31 10:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: Connection closed by 173.187.90.131 port 38849 [preauth]
May 31 10:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.190.200.148  user=root
May 31 10:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Failed password for root from 189.190.200.148 port 49592 ssh2
May 31 10:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Received disconnect from 189.190.200.148 port 49592:11: Bye Bye [preauth]
May 31 10:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Disconnected from 189.190.200.148 port 49592 [preauth]
May 31 10:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21814]: pam_unix(cron:session): session closed for user root
May 31 10:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: Failed password for root from 202.133.90.219 port 53950 ssh2
May 31 10:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: Connection closed by 202.133.90.219 port 53950 [preauth]
May 31 10:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: Invalid user work from 34.128.77.56
May 31 10:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: input_userauth_request: invalid user work [preauth]
May 31 10:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.128.77.56
May 31 10:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.244.18.126  user=root
May 31 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: Failed password for invalid user work from 34.128.77.56 port 57236 ssh2
May 31 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: Received disconnect from 34.128.77.56 port 57236:11: Bye Bye [preauth]
May 31 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: Disconnected from 34.128.77.56 port 57236 [preauth]
May 31 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23011]: Failed password for root from 20.244.18.126 port 38456 ssh2
May 31 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23011]: Received disconnect from 20.244.18.126 port 38456:11: Bye Bye [preauth]
May 31 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23011]: Disconnected from 20.244.18.126 port 38456 [preauth]
May 31 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23061]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23059]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23060]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23058]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23058]: pam_unix(cron:session): session closed for user p13x
May 31 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23115]: Successful su for rubyman by root
May 31 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23115]: + ??? root:rubyman
May 31 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428771 of user rubyman.
May 31 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23115]: pam_unix(su:session): session closed for user rubyman
May 31 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428771.
May 31 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.226.199  user=root
May 31 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20458]: pam_unix(cron:session): session closed for user root
May 31 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: Failed password for root from 95.85.226.199 port 53676 ssh2
May 31 10:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: Received disconnect from 95.85.226.199 port 53676:11: Bye Bye [preauth]
May 31 10:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: Disconnected from 95.85.226.199 port 53676 [preauth]
May 31 10:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23059]: pam_unix(cron:session): session closed for user samftp
May 31 10:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23349]: Invalid user test from 124.81.139.214
May 31 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23349]: input_userauth_request: invalid user test [preauth]
May 31 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23349]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.81.139.214
May 31 10:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23349]: Failed password for invalid user test from 124.81.139.214 port 43010 ssh2
May 31 10:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23349]: Received disconnect from 124.81.139.214 port 43010:11: Bye Bye [preauth]
May 31 10:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23349]: Disconnected from 124.81.139.214 port 43010 [preauth]
May 31 10:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: Invalid user developer from 138.226.237.238
May 31 10:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: input_userauth_request: invalid user developer [preauth]
May 31 10:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.226.237.238
May 31 10:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: Failed password for invalid user developer from 138.226.237.238 port 52204 ssh2
May 31 10:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: Received disconnect from 138.226.237.238 port 52204:11: Bye Bye [preauth]
May 31 10:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: Disconnected from 138.226.237.238 port 52204 [preauth]
May 31 10:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23378]: Failed password for root from 202.133.90.219 port 60784 ssh2
May 31 10:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22228]: pam_unix(cron:session): session closed for user root
May 31 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23378]: Connection closed by 202.133.90.219 port 60784 [preauth]
May 31 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
May 31 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.50.90  user=root
May 31 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: Failed password for root from 80.66.85.226 port 52472 ssh2
May 31 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: Connection closed by 80.66.85.226 port 52472 [preauth]
May 31 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23403]: Failed password for root from 182.93.50.90 port 39496 ssh2
May 31 10:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23403]: Received disconnect from 182.93.50.90 port 39496:11: Bye Bye [preauth]
May 31 10:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23403]: Disconnected from 182.93.50.90 port 39496 [preauth]
May 31 10:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.190.200.148  user=root
May 31 10:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: Failed password for root from 189.190.200.148 port 58128 ssh2
May 31 10:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: Received disconnect from 189.190.200.148 port 58128:11: Bye Bye [preauth]
May 31 10:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: Disconnected from 189.190.200.148 port 58128 [preauth]
May 31 10:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
May 31 10:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: Failed password for root from 103.176.20.57 port 33728 ssh2
May 31 10:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: Connection closed by 103.176.20.57 port 33728 [preauth]
May 31 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23487]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23486]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23484]: pam_unix(cron:session): session closed for user p13x
May 31 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23549]: Successful su for rubyman by root
May 31 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23549]: + ??? root:rubyman
May 31 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428775 of user rubyman.
May 31 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23549]: pam_unix(su:session): session closed for user rubyman
May 31 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428775.
May 31 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23481]: Received disconnect from 104.194.9.81 port 60458:11: disconnected by user [preauth]
May 31 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23481]: Disconnected from 104.194.9.81 port 60458 [preauth]
May 31 10:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20966]: pam_unix(cron:session): session closed for user root
May 31 10:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23485]: pam_unix(cron:session): session closed for user samftp
May 31 10:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
May 31 10:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
May 31 10:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23764]: Invalid user ps from 80.94.92.182
May 31 10:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23764]: input_userauth_request: invalid user ps [preauth]
May 31 10:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: Failed password for root from 103.122.221.179 port 59252 ssh2
May 31 10:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23764]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 10:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: Connection closed by 103.122.221.179 port 59252 [preauth]
May 31 10:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: Failed password for root from 62.133.62.83 port 46888 ssh2
May 31 10:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: Connection closed by 62.133.62.83 port 46888 [preauth]
May 31 10:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23764]: Failed password for invalid user ps from 80.94.92.182 port 56106 ssh2
May 31 10:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23764]: Connection closed by 80.94.92.182 port 56106 [preauth]
May 31 10:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: Invalid user user from 95.85.226.199
May 31 10:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: input_userauth_request: invalid user user [preauth]
May 31 10:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.226.199
May 31 10:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: Failed password for invalid user user from 95.85.226.199 port 53480 ssh2
May 31 10:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: Received disconnect from 95.85.226.199 port 53480:11: Bye Bye [preauth]
May 31 10:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: Disconnected from 95.85.226.199 port 53480 [preauth]
May 31 10:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23810]: Invalid user scan from 173.254.234.162
May 31 10:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23810]: input_userauth_request: invalid user scan [preauth]
May 31 10:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23810]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 10:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.244.18.126  user=root
May 31 10:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23810]: Failed password for invalid user scan from 173.254.234.162 port 40536 ssh2
May 31 10:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23810]: Connection closed by 173.254.234.162 port 40536 [preauth]
May 31 10:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23804]: Failed password for root from 20.244.18.126 port 35938 ssh2
May 31 10:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23804]: Received disconnect from 20.244.18.126 port 35938:11: Bye Bye [preauth]
May 31 10:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23804]: Disconnected from 20.244.18.126 port 35938 [preauth]
May 31 10:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23826]: Invalid user jenkins from 34.128.77.56
May 31 10:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23826]: input_userauth_request: invalid user jenkins [preauth]
May 31 10:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23826]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.128.77.56
May 31 10:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23826]: Failed password for invalid user jenkins from 34.128.77.56 port 39916 ssh2
May 31 10:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23826]: Received disconnect from 34.128.77.56 port 39916:11: Bye Bye [preauth]
May 31 10:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23826]: Disconnected from 34.128.77.56 port 39916 [preauth]
May 31 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22658]: pam_unix(cron:session): session closed for user root
May 31 10:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: Failed password for root from 202.133.90.219 port 37004 ssh2
May 31 10:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: Connection closed by 202.133.90.219 port 37004 [preauth]
May 31 10:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.226.237.238  user=root
May 31 10:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23954]: Failed password for root from 138.226.237.238 port 44638 ssh2
May 31 10:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23954]: Received disconnect from 138.226.237.238 port 44638:11: Bye Bye [preauth]
May 31 10:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23954]: Disconnected from 138.226.237.238 port 44638 [preauth]
May 31 10:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: Received disconnect from 198.38.85.149 port 55364:11: disconnected by user [preauth]
May 31 10:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: Disconnected from 198.38.85.149 port 55364 [preauth]
May 31 10:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.210.77.100  user=root
May 31 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: Failed password for root from 187.210.77.100 port 58280 ssh2
May 31 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: Received disconnect from 187.210.77.100 port 58280:11: Bye Bye [preauth]
May 31 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: Disconnected from 187.210.77.100 port 58280 [preauth]
May 31 10:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.81.139.214  user=root
May 31 10:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24001]: Failed password for root from 124.81.139.214 port 35684 ssh2
May 31 10:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24001]: Received disconnect from 124.81.139.214 port 35684:11: Bye Bye [preauth]
May 31 10:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24001]: Disconnected from 124.81.139.214 port 35684 [preauth]
May 31 10:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 10:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: Failed password for root from 38.93.206.2 port 54152 ssh2
May 31 10:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: Connection closed by 38.93.206.2 port 54152 [preauth]
May 31 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24020]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24021]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24015]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24017]: pam_unix(cron:session): session closed for user p13x
May 31 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24128]: Successful su for rubyman by root
May 31 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24128]: + ??? root:rubyman
May 31 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428779 of user rubyman.
May 31 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24128]: pam_unix(su:session): session closed for user rubyman
May 31 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428779.
May 31 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24015]: pam_unix(cron:session): session closed for user root
May 31 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21388]: pam_unix(cron:session): session closed for user root
May 31 10:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24018]: pam_unix(cron:session): session closed for user samftp
May 31 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.190.200.148  user=root
May 31 10:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24403]: Failed password for root from 189.190.200.148 port 40530 ssh2
May 31 10:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24403]: Received disconnect from 189.190.200.148 port 40530:11: Bye Bye [preauth]
May 31 10:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24403]: Disconnected from 189.190.200.148 port 40530 [preauth]
May 31 10:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23061]: pam_unix(cron:session): session closed for user root
May 31 10:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: Failed password for root from 202.133.90.219 port 39752 ssh2
May 31 10:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: Connection closed by 202.133.90.219 port 39752 [preauth]
May 31 10:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.226.199  user=root
May 31 10:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: Failed password for root from 95.85.226.199 port 33670 ssh2
May 31 10:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: Received disconnect from 95.85.226.199 port 33670:11: Bye Bye [preauth]
May 31 10:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: Disconnected from 95.85.226.199 port 33670 [preauth]
May 31 10:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.226.237.238  user=root
May 31 10:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: Failed password for root from 138.226.237.238 port 45376 ssh2
May 31 10:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: Received disconnect from 138.226.237.238 port 45376:11: Bye Bye [preauth]
May 31 10:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: Disconnected from 138.226.237.238 port 45376 [preauth]
May 31 10:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
May 31 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24544]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24543]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24542]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24541]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24544]: pam_unix(cron:session): session closed for user root
May 31 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24539]: pam_unix(cron:session): session closed for user p13x
May 31 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24536]: Invalid user postmaster from 182.93.50.90
May 31 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24536]: input_userauth_request: invalid user postmaster [preauth]
May 31 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24536]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.50.90
May 31 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24617]: Successful su for rubyman by root
May 31 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24617]: + ??? root:rubyman
May 31 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428786 of user rubyman.
May 31 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24617]: pam_unix(su:session): session closed for user rubyman
May 31 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428786.
May 31 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24533]: Failed password for root from 77.94.47.83 port 53410 ssh2
May 31 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24533]: Connection closed by 77.94.47.83 port 53410 [preauth]
May 31 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24541]: pam_unix(cron:session): session closed for user root
May 31 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24536]: Failed password for invalid user postmaster from 182.93.50.90 port 55462 ssh2
May 31 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24536]: Received disconnect from 182.93.50.90 port 55462:11: Bye Bye [preauth]
May 31 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24536]: Disconnected from 182.93.50.90 port 55462 [preauth]
May 31 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21813]: pam_unix(cron:session): session closed for user root
May 31 10:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24540]: pam_unix(cron:session): session closed for user samftp
May 31 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.244.18.126  user=root
May 31 10:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: Failed password for root from 20.244.18.126 port 33422 ssh2
May 31 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: Received disconnect from 20.244.18.126 port 33422:11: Bye Bye [preauth]
May 31 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: Disconnected from 20.244.18.126 port 33422 [preauth]
May 31 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24853]: Invalid user tony from 34.128.77.56
May 31 10:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24853]: input_userauth_request: invalid user tony [preauth]
May 31 10:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24853]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.128.77.56
May 31 10:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24853]: Failed password for invalid user tony from 34.128.77.56 port 33352 ssh2
May 31 10:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24853]: Received disconnect from 34.128.77.56 port 33352:11: Bye Bye [preauth]
May 31 10:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24853]: Disconnected from 34.128.77.56 port 33352 [preauth]
May 31 10:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.81.139.214  user=root
May 31 10:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24890]: Failed password for root from 124.81.139.214 port 43200 ssh2
May 31 10:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24890]: Received disconnect from 124.81.139.214 port 43200:11: Bye Bye [preauth]
May 31 10:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24890]: Disconnected from 124.81.139.214 port 43200 [preauth]
May 31 10:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23487]: pam_unix(cron:session): session closed for user root
May 31 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24913]: Failed password for root from 202.133.90.219 port 58082 ssh2
May 31 10:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24913]: Connection closed by 202.133.90.219 port 58082 [preauth]
May 31 10:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.190.200.148  user=root
May 31 10:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24942]: Failed password for root from 189.190.200.148 port 35332 ssh2
May 31 10:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24942]: Received disconnect from 189.190.200.148 port 35332:11: Bye Bye [preauth]
May 31 10:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24942]: Disconnected from 189.190.200.148 port 35332 [preauth]
May 31 10:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.226.199  user=root
May 31 10:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Failed password for root from 95.85.226.199 port 44258 ssh2
May 31 10:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Received disconnect from 95.85.226.199 port 44258:11: Bye Bye [preauth]
May 31 10:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Disconnected from 95.85.226.199 port 44258 [preauth]
May 31 10:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.226.237.238  user=root
May 31 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25011]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25007]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25006]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25005]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25005]: pam_unix(cron:session): session closed for user p13x
May 31 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25083]: Successful su for rubyman by root
May 31 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25083]: + ??? root:rubyman
May 31 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428790 of user rubyman.
May 31 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25083]: pam_unix(su:session): session closed for user rubyman
May 31 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428790.
May 31 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: Failed password for root from 138.226.237.238 port 53556 ssh2
May 31 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: Received disconnect from 138.226.237.238 port 53556:11: Bye Bye [preauth]
May 31 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: Disconnected from 138.226.237.238 port 53556 [preauth]
May 31 10:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22227]: pam_unix(cron:session): session closed for user root
May 31 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25006]: pam_unix(cron:session): session closed for user samftp
May 31 10:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24021]: pam_unix(cron:session): session closed for user root
May 31 10:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25321]: Failed password for root from 202.133.90.219 port 39796 ssh2
May 31 10:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25321]: Connection closed by 202.133.90.219 port 39796 [preauth]
May 31 10:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.210.77.100  user=root
May 31 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25351]: Failed password for root from 187.210.77.100 port 37222 ssh2
May 31 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25351]: Received disconnect from 187.210.77.100 port 37222:11: Bye Bye [preauth]
May 31 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25351]: Disconnected from 187.210.77.100 port 37222 [preauth]
May 31 10:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: Invalid user user from 20.244.18.126
May 31 10:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: input_userauth_request: invalid user user [preauth]
May 31 10:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.244.18.126
May 31 10:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: Failed password for invalid user user from 20.244.18.126 port 59104 ssh2
May 31 10:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: Received disconnect from 20.244.18.126 port 59104:11: Bye Bye [preauth]
May 31 10:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: Disconnected from 20.244.18.126 port 59104 [preauth]
May 31 10:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.81.139.214  user=root
May 31 10:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: Invalid user zhao from 34.128.77.56
May 31 10:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: input_userauth_request: invalid user zhao [preauth]
May 31 10:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.128.77.56
May 31 10:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25394]: Failed password for root from 124.81.139.214 port 55332 ssh2
May 31 10:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25394]: Received disconnect from 124.81.139.214 port 55332:11: Bye Bye [preauth]
May 31 10:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25394]: Disconnected from 124.81.139.214 port 55332 [preauth]
May 31 10:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: Failed password for invalid user zhao from 34.128.77.56 port 55396 ssh2
May 31 10:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: Received disconnect from 34.128.77.56 port 55396:11: Bye Bye [preauth]
May 31 10:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: Disconnected from 34.128.77.56 port 55396 [preauth]
May 31 10:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.190.200.148  user=root
May 31 10:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: Failed password for root from 189.190.200.148 port 59986 ssh2
May 31 10:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: Received disconnect from 189.190.200.148 port 59986:11: Bye Bye [preauth]
May 31 10:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: Disconnected from 189.190.200.148 port 59986 [preauth]
May 31 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25421]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25420]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25418]: pam_unix(cron:session): session closed for user p13x
May 31 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25480]: Successful su for rubyman by root
May 31 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25480]: + ??? root:rubyman
May 31 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428794 of user rubyman.
May 31 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25480]: pam_unix(su:session): session closed for user rubyman
May 31 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428794.
May 31 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22657]: pam_unix(cron:session): session closed for user root
May 31 10:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25419]: pam_unix(cron:session): session closed for user samftp
May 31 10:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.226.237.238  user=root
May 31 10:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25671]: Invalid user lawrence from 95.85.226.199
May 31 10:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25671]: input_userauth_request: invalid user lawrence [preauth]
May 31 10:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25671]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.226.199
May 31 10:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: Failed password for root from 138.226.237.238 port 37064 ssh2
May 31 10:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: Received disconnect from 138.226.237.238 port 37064:11: Bye Bye [preauth]
May 31 10:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: Disconnected from 138.226.237.238 port 37064 [preauth]
May 31 10:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25671]: Failed password for invalid user lawrence from 95.85.226.199 port 60208 ssh2
May 31 10:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25671]: Received disconnect from 95.85.226.199 port 60208:11: Bye Bye [preauth]
May 31 10:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25671]: Disconnected from 95.85.226.199 port 60208 [preauth]
May 31 10:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.50.90  user=root
May 31 10:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: Failed password for root from 182.93.50.90 port 45750 ssh2
May 31 10:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: Received disconnect from 182.93.50.90 port 45750:11: Bye Bye [preauth]
May 31 10:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: Disconnected from 182.93.50.90 port 45750 [preauth]
May 31 10:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24543]: pam_unix(cron:session): session closed for user root
May 31 10:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25735]: Failed password for root from 202.133.90.219 port 54140 ssh2
May 31 10:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25735]: Connection closed by 202.133.90.219 port 54140 [preauth]
May 31 10:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: Invalid user sol from 80.94.92.182
May 31 10:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: input_userauth_request: invalid user sol [preauth]
May 31 10:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 10:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: Failed password for invalid user sol from 80.94.92.182 port 58824 ssh2
May 31 10:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: Connection closed by 80.94.92.182 port 58824 [preauth]
May 31 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25829]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25830]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25828]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25827]: pam_unix(cron:session): session closed for user p13x
May 31 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25886]: Successful su for rubyman by root
May 31 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25886]: + ??? root:rubyman
May 31 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428800 of user rubyman.
May 31 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25886]: pam_unix(su:session): session closed for user rubyman
May 31 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428800.
May 31 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23060]: pam_unix(cron:session): session closed for user root
May 31 10:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25828]: pam_unix(cron:session): session closed for user samftp
May 31 10:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.170.125  user=root
May 31 10:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: Failed password for root from 103.149.170.125 port 48316 ssh2
May 31 10:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: Connection closed by 103.149.170.125 port 48316 [preauth]
May 31 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: Invalid user openeuler from 189.190.200.148
May 31 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: input_userauth_request: invalid user openeuler [preauth]
May 31 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.190.200.148
May 31 10:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: Invalid user n8n from 138.226.237.238
May 31 10:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: input_userauth_request: invalid user n8n [preauth]
May 31 10:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.226.237.238
May 31 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: Failed password for invalid user openeuler from 189.190.200.148 port 44600 ssh2
May 31 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: Received disconnect from 189.190.200.148 port 44600:11: Bye Bye [preauth]
May 31 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: Disconnected from 189.190.200.148 port 44600 [preauth]
May 31 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: Failed password for invalid user n8n from 138.226.237.238 port 60818 ssh2
May 31 10:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: Received disconnect from 138.226.237.238 port 60818:11: Bye Bye [preauth]
May 31 10:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: Disconnected from 138.226.237.238 port 60818 [preauth]
May 31 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26131]: User www-data from 124.81.139.214 not allowed because not listed in AllowUsers
May 31 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26131]: input_userauth_request: invalid user www-data [preauth]
May 31 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.81.139.214  user=www-data
May 31 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.226.199  user=root
May 31 10:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.244.18.126  user=root
May 31 10:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26131]: Failed password for invalid user www-data from 124.81.139.214 port 49888 ssh2
May 31 10:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26131]: Received disconnect from 124.81.139.214 port 49888:11: Bye Bye [preauth]
May 31 10:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26131]: Disconnected from 124.81.139.214 port 49888 [preauth]
May 31 10:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: Failed password for root from 95.85.226.199 port 47088 ssh2
May 31 10:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: Received disconnect from 95.85.226.199 port 47088:11: Bye Bye [preauth]
May 31 10:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: Disconnected from 95.85.226.199 port 47088 [preauth]
May 31 10:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: Failed password for root from 20.244.18.126 port 44232 ssh2
May 31 10:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: Received disconnect from 20.244.18.126 port 44232:11: Bye Bye [preauth]
May 31 10:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: Disconnected from 20.244.18.126 port 44232 [preauth]
May 31 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25011]: pam_unix(cron:session): session closed for user root
May 31 10:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: Failed password for root from 202.133.90.219 port 39660 ssh2
May 31 10:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: Connection closed by 202.133.90.219 port 39660 [preauth]
May 31 10:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.128.77.56  user=root
May 31 10:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26179]: Failed password for root from 34.128.77.56 port 60478 ssh2
May 31 10:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26179]: Received disconnect from 34.128.77.56 port 60478:11: Bye Bye [preauth]
May 31 10:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26179]: Disconnected from 34.128.77.56 port 60478 [preauth]
May 31 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26234]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26232]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26230]: pam_unix(cron:session): session closed for user p13x
May 31 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26292]: Successful su for rubyman by root
May 31 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26292]: + ??? root:rubyman
May 31 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428802 of user rubyman.
May 31 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26292]: pam_unix(su:session): session closed for user rubyman
May 31 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428802.
May 31 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23486]: pam_unix(cron:session): session closed for user root
May 31 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26231]: pam_unix(cron:session): session closed for user samftp
May 31 10:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.210.77.100  user=root
May 31 10:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: Failed password for root from 187.210.77.100 port 56390 ssh2
May 31 10:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: Received disconnect from 187.210.77.100 port 56390:11: Bye Bye [preauth]
May 31 10:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: Disconnected from 187.210.77.100 port 56390 [preauth]
May 31 10:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25421]: pam_unix(cron:session): session closed for user root
May 31 10:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: Invalid user lawrence from 138.226.237.238
May 31 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: input_userauth_request: invalid user lawrence [preauth]
May 31 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.226.237.238
May 31 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: Failed password for invalid user lawrence from 138.226.237.238 port 53926 ssh2
May 31 10:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: Received disconnect from 138.226.237.238 port 53926:11: Bye Bye [preauth]
May 31 10:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: Disconnected from 138.226.237.238 port 53926 [preauth]
May 31 10:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26542]: Failed password for root from 202.133.90.219 port 48730 ssh2
May 31 10:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26542]: Connection closed by 202.133.90.219 port 48730 [preauth]
May 31 10:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Invalid user anton from 189.190.200.148
May 31 10:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: input_userauth_request: invalid user anton [preauth]
May 31 10:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.190.200.148
May 31 10:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: Invalid user user from 2.57.121.25
May 31 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: input_userauth_request: invalid user user [preauth]
May 31 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Failed password for invalid user anton from 189.190.200.148 port 43922 ssh2
May 31 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Received disconnect from 189.190.200.148 port 43922:11: Bye Bye [preauth]
May 31 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Disconnected from 189.190.200.148 port 43922 [preauth]
May 31 10:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: Invalid user developer from 95.85.226.199
May 31 10:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: input_userauth_request: invalid user developer [preauth]
May 31 10:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.226.199
May 31 10:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: Failed password for invalid user user from 2.57.121.25 port 19568 ssh2
May 31 10:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: Failed password for invalid user developer from 95.85.226.199 port 55054 ssh2
May 31 10:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: Received disconnect from 95.85.226.199 port 55054:11: Bye Bye [preauth]
May 31 10:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: Disconnected from 95.85.226.199 port 55054 [preauth]
May 31 10:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: Failed password for invalid user user from 2.57.121.25 port 19568 ssh2
May 31 10:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: Failed password for invalid user user from 2.57.121.25 port 19568 ssh2
May 31 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: Invalid user testuser from 182.93.50.90
May 31 10:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: input_userauth_request: invalid user testuser [preauth]
May 31 10:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.50.90
May 31 10:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: Failed password for invalid user user from 2.57.121.25 port 19568 ssh2
May 31 10:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: Failed password for invalid user testuser from 182.93.50.90 port 34062 ssh2
May 31 10:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: Received disconnect from 182.93.50.90 port 34062:11: Bye Bye [preauth]
May 31 10:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: Disconnected from 182.93.50.90 port 34062 [preauth]
May 31 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: Failed password for invalid user user from 2.57.121.25 port 19568 ssh2
May 31 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26648]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26646]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26645]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26647]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26648]: pam_unix(cron:session): session closed for user root
May 31 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26643]: pam_unix(cron:session): session closed for user p13x
May 31 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: Received disconnect from 2.57.121.25 port 19568:11: Bye [preauth]
May 31 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: Disconnected from 2.57.121.25 port 19568 [preauth]
May 31 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26799]: Successful su for rubyman by root
May 31 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26799]: + ??? root:rubyman
May 31 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428810 of user rubyman.
May 31 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26799]: pam_unix(su:session): session closed for user rubyman
May 31 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428810.
May 31 10:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26645]: pam_unix(cron:session): session closed for user root
May 31 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24020]: pam_unix(cron:session): session closed for user root
May 31 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: Invalid user lawrence from 124.81.139.214
May 31 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: input_userauth_request: invalid user lawrence [preauth]
May 31 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.81.139.214
May 31 10:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26644]: pam_unix(cron:session): session closed for user samftp
May 31 10:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: Failed password for invalid user lawrence from 124.81.139.214 port 36114 ssh2
May 31 10:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: Received disconnect from 124.81.139.214 port 36114:11: Bye Bye [preauth]
May 31 10:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: Disconnected from 124.81.139.214 port 36114 [preauth]
May 31 10:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27004]: User www-data from 20.244.18.126 not allowed because not listed in AllowUsers
May 31 10:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27004]: input_userauth_request: invalid user www-data [preauth]
May 31 10:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.244.18.126  user=www-data
May 31 10:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27004]: Failed password for invalid user www-data from 20.244.18.126 port 34138 ssh2
May 31 10:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27004]: Received disconnect from 20.244.18.126 port 34138:11: Bye Bye [preauth]
May 31 10:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27004]: Disconnected from 20.244.18.126 port 34138 [preauth]
May 31 10:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27058]: Invalid user ubuntu from 34.128.77.56
May 31 10:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27058]: input_userauth_request: invalid user ubuntu [preauth]
May 31 10:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27058]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.128.77.56
May 31 10:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27058]: Failed password for invalid user ubuntu from 34.128.77.56 port 33960 ssh2
May 31 10:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27058]: Received disconnect from 34.128.77.56 port 33960:11: Bye Bye [preauth]
May 31 10:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27058]: Disconnected from 34.128.77.56 port 33960 [preauth]
May 31 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25830]: pam_unix(cron:session): session closed for user root
May 31 10:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27068]: Failed password for root from 202.133.90.219 port 58500 ssh2
May 31 10:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27068]: Connection closed by 202.133.90.219 port 58500 [preauth]
May 31 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27160]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27159]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27157]: pam_unix(cron:session): session closed for user p13x
May 31 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27231]: Successful su for rubyman by root
May 31 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27231]: + ??? root:rubyman
May 31 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428813 of user rubyman.
May 31 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27231]: pam_unix(su:session): session closed for user rubyman
May 31 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428813.
May 31 10:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24542]: pam_unix(cron:session): session closed for user root
May 31 10:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27158]: pam_unix(cron:session): session closed for user samftp
May 31 10:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.190.200.148  user=root
May 31 10:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: Failed password for root from 189.190.200.148 port 44104 ssh2
May 31 10:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: Received disconnect from 189.190.200.148 port 44104:11: Bye Bye [preauth]
May 31 10:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: Disconnected from 189.190.200.148 port 44104 [preauth]
May 31 10:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: Invalid user admin from 185.156.73.233
May 31 10:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: input_userauth_request: invalid user admin [preauth]
May 31 10:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 10:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: Failed password for invalid user admin from 185.156.73.233 port 39578 ssh2
May 31 10:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: Connection closed by 185.156.73.233 port 39578 [preauth]
May 31 10:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26234]: pam_unix(cron:session): session closed for user root
May 31 10:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27517]: Failed password for root from 202.133.90.219 port 44358 ssh2
May 31 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: Invalid user n8n from 124.81.139.214
May 31 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: input_userauth_request: invalid user n8n [preauth]
May 31 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.81.139.214
May 31 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27517]: Connection closed by 202.133.90.219 port 44358 [preauth]
May 31 10:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: Failed password for invalid user n8n from 124.81.139.214 port 42878 ssh2
May 31 10:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: Received disconnect from 124.81.139.214 port 42878:11: Bye Bye [preauth]
May 31 10:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: Disconnected from 124.81.139.214 port 42878 [preauth]
May 31 10:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27566]: Invalid user testuser from 20.244.18.126
May 31 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27566]: input_userauth_request: invalid user testuser [preauth]
May 31 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27566]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.244.18.126
May 31 10:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27566]: Failed password for invalid user testuser from 20.244.18.126 port 34922 ssh2
May 31 10:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27566]: Received disconnect from 20.244.18.126 port 34922:11: Bye Bye [preauth]
May 31 10:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27566]: Disconnected from 20.244.18.126 port 34922 [preauth]
May 31 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27599]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27597]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27598]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27596]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27596]: pam_unix(cron:session): session closed for user p13x
May 31 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27656]: Successful su for rubyman by root
May 31 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27656]: + ??? root:rubyman
May 31 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428816 of user rubyman.
May 31 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27656]: pam_unix(su:session): session closed for user rubyman
May 31 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428816.
May 31 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25007]: pam_unix(cron:session): session closed for user root
May 31 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27597]: pam_unix(cron:session): session closed for user samftp
May 31 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: Invalid user sol from 80.94.92.182
May 31 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: input_userauth_request: invalid user sol [preauth]
May 31 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 10:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: Failed password for invalid user sol from 80.94.92.182 port 33282 ssh2
May 31 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: Connection closed by 80.94.92.182 port 33282 [preauth]
May 31 10:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.210.77.100  user=root
May 31 10:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27858]: Invalid user ftpsecure from 34.128.77.56
May 31 10:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27858]: input_userauth_request: invalid user ftpsecure [preauth]
May 31 10:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27858]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.128.77.56
May 31 10:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27868]: Failed password for root from 187.210.77.100 port 45946 ssh2
May 31 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27858]: Failed password for invalid user ftpsecure from 34.128.77.56 port 35882 ssh2
May 31 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27885]: Received disconnect from 50.6.197.105 port 41256:11: disconnected by user [preauth]
May 31 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27885]: Disconnected from 50.6.197.105 port 41256 [preauth]
May 31 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27868]: Received disconnect from 187.210.77.100 port 45946:11: Bye Bye [preauth]
May 31 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27868]: Disconnected from 187.210.77.100 port 45946 [preauth]
May 31 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27858]: Received disconnect from 34.128.77.56 port 35882:11: Bye Bye [preauth]
May 31 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27858]: Disconnected from 34.128.77.56 port 35882 [preauth]
May 31 10:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.50.90  user=root
May 31 10:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Failed password for root from 182.93.50.90 port 48420 ssh2
May 31 10:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Received disconnect from 182.93.50.90 port 48420:11: Bye Bye [preauth]
May 31 10:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Disconnected from 182.93.50.90 port 48420 [preauth]
May 31 10:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26647]: pam_unix(cron:session): session closed for user root
May 31 10:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: Failed password for root from 202.133.90.219 port 49522 ssh2
May 31 10:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: Connection closed by 202.133.90.219 port 49522 [preauth]
May 31 10:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: Invalid user vaibhav from 189.190.200.148
May 31 10:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: input_userauth_request: invalid user vaibhav [preauth]
May 31 10:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.190.200.148
May 31 10:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: Failed password for invalid user vaibhav from 189.190.200.148 port 51648 ssh2
May 31 10:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: Received disconnect from 189.190.200.148 port 51648:11: Bye Bye [preauth]
May 31 10:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: Disconnected from 189.190.200.148 port 51648 [preauth]
May 31 10:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28034]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28033]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28031]: pam_unix(cron:session): session closed for user p13x
May 31 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Invalid user admin from 2.57.121.112
May 31 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: input_userauth_request: invalid user admin [preauth]
May 31 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28142]: Successful su for rubyman by root
May 31 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28142]: + ??? root:rubyman
May 31 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428820 of user rubyman.
May 31 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28142]: pam_unix(su:session): session closed for user rubyman
May 31 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428820.
May 31 10:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Failed password for invalid user admin from 2.57.121.112 port 31328 ssh2
May 31 10:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25420]: pam_unix(cron:session): session closed for user root
May 31 10:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28032]: pam_unix(cron:session): session closed for user samftp
May 31 10:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Failed password for invalid user admin from 2.57.121.112 port 31328 ssh2
May 31 10:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Failed password for invalid user admin from 2.57.121.112 port 31328 ssh2
May 31 10:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.81.139.214  user=root
May 31 10:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Failed password for invalid user admin from 2.57.121.112 port 31328 ssh2
May 31 10:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: Failed password for root from 124.81.139.214 port 37220 ssh2
May 31 10:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: Received disconnect from 124.81.139.214 port 37220:11: Bye Bye [preauth]
May 31 10:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: Disconnected from 124.81.139.214 port 37220 [preauth]
May 31 10:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Failed password for invalid user admin from 2.57.121.112 port 31328 ssh2
May 31 10:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Received disconnect from 2.57.121.112 port 31328:11: Bye [preauth]
May 31 10:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Disconnected from 2.57.121.112 port 31328 [preauth]
May 31 10:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 10:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 10:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: Invalid user developer from 20.244.18.126
May 31 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: input_userauth_request: invalid user developer [preauth]
May 31 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.244.18.126
May 31 10:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: Failed password for invalid user developer from 20.244.18.126 port 36034 ssh2
May 31 10:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: Received disconnect from 20.244.18.126 port 36034:11: Bye Bye [preauth]
May 31 10:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: Disconnected from 20.244.18.126 port 36034 [preauth]
May 31 10:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27160]: pam_unix(cron:session): session closed for user root
May 31 10:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28383]: Failed password for root from 202.133.90.219 port 49206 ssh2
May 31 10:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28383]: Connection closed by 202.133.90.219 port 49206 [preauth]
May 31 10:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: Invalid user lfs from 34.128.77.56
May 31 10:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: input_userauth_request: invalid user lfs [preauth]
May 31 10:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.128.77.56
May 31 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: Failed password for invalid user lfs from 34.128.77.56 port 48116 ssh2
May 31 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: Received disconnect from 34.128.77.56 port 48116:11: Bye Bye [preauth]
May 31 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: Disconnected from 34.128.77.56 port 48116 [preauth]
May 31 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28477]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28475]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28473]: pam_unix(cron:session): session closed for user p13x
May 31 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28543]: Successful su for rubyman by root
May 31 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28543]: + ??? root:rubyman
May 31 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428825 of user rubyman.
May 31 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28543]: pam_unix(su:session): session closed for user rubyman
May 31 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428825.
May 31 10:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25829]: pam_unix(cron:session): session closed for user root
May 31 10:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28474]: pam_unix(cron:session): session closed for user samftp
May 31 10:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27599]: pam_unix(cron:session): session closed for user root
May 31 10:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: Failed password for root from 202.133.90.219 port 54604 ssh2
May 31 10:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: Connection closed by 202.133.90.219 port 54604 [preauth]
May 31 10:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: Invalid user web from 187.210.77.100
May 31 10:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: input_userauth_request: invalid user web [preauth]
May 31 10:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.210.77.100
May 31 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28969]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28970]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28972]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28968]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28972]: pam_unix(cron:session): session closed for user root
May 31 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28966]: pam_unix(cron:session): session closed for user p13x
May 31 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29040]: Successful su for rubyman by root
May 31 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29040]: + ??? root:rubyman
May 31 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428831 of user rubyman.
May 31 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29040]: pam_unix(su:session): session closed for user rubyman
May 31 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428831.
May 31 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: Failed password for invalid user web from 187.210.77.100 port 41338 ssh2
May 31 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: Received disconnect from 187.210.77.100 port 41338:11: Bye Bye [preauth]
May 31 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: Disconnected from 187.210.77.100 port 41338 [preauth]
May 31 10:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28968]: pam_unix(cron:session): session closed for user root
May 31 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26232]: pam_unix(cron:session): session closed for user root
May 31 10:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28967]: pam_unix(cron:session): session closed for user samftp
May 31 10:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.50.90  user=root
May 31 10:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29245]: Failed password for root from 182.93.50.90 port 40696 ssh2
May 31 10:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29245]: Received disconnect from 182.93.50.90 port 40696:11: Bye Bye [preauth]
May 31 10:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29245]: Disconnected from 182.93.50.90 port 40696 [preauth]
May 31 10:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: Invalid user n8n from 20.244.18.126
May 31 10:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: input_userauth_request: invalid user n8n [preauth]
May 31 10:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.244.18.126
May 31 10:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: Failed password for invalid user n8n from 20.244.18.126 port 38058 ssh2
May 31 10:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: Received disconnect from 20.244.18.126 port 38058:11: Bye Bye [preauth]
May 31 10:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: Disconnected from 20.244.18.126 port 38058 [preauth]
May 31 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28034]: pam_unix(cron:session): session closed for user root
May 31 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29349]: Failed password for root from 202.133.90.219 port 50682 ssh2
May 31 10:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29349]: Connection closed by 202.133.90.219 port 50682 [preauth]
May 31 10:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.128.77.56  user=root
May 31 10:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29394]: Failed password for root from 34.128.77.56 port 44694 ssh2
May 31 10:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29394]: Received disconnect from 34.128.77.56 port 44694:11: Bye Bye [preauth]
May 31 10:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29394]: Disconnected from 34.128.77.56 port 44694 [preauth]
May 31 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29426]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29425]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29423]: pam_unix(cron:session): session closed for user p13x
May 31 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29499]: Successful su for rubyman by root
May 31 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29499]: + ??? root:rubyman
May 31 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428835 of user rubyman.
May 31 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29499]: pam_unix(su:session): session closed for user rubyman
May 31 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428835.
May 31 10:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26646]: pam_unix(cron:session): session closed for user root
May 31 10:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29424]: pam_unix(cron:session): session closed for user samftp
May 31 10:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28477]: pam_unix(cron:session): session closed for user root
May 31 10:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: Invalid user ubuntu from 80.94.92.182
May 31 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: input_userauth_request: invalid user ubuntu [preauth]
May 31 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 10:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: Failed password for invalid user ubuntu from 80.94.92.182 port 35996 ssh2
May 31 10:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: Connection closed by 80.94.92.182 port 35996 [preauth]
May 31 10:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: Failed password for root from 202.133.90.219 port 48672 ssh2
May 31 10:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: Connection closed by 202.133.90.219 port 48672 [preauth]
May 31 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29965]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29964]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29962]: pam_unix(cron:session): session closed for user p13x
May 31 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30021]: Successful su for rubyman by root
May 31 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30021]: + ??? root:rubyman
May 31 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428838 of user rubyman.
May 31 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30021]: pam_unix(su:session): session closed for user rubyman
May 31 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428838.
May 31 10:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27159]: pam_unix(cron:session): session closed for user root
May 31 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29963]: pam_unix(cron:session): session closed for user samftp
May 31 10:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28970]: pam_unix(cron:session): session closed for user root
May 31 10:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30325]: Invalid user admin from 182.93.50.90
May 31 10:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30325]: input_userauth_request: invalid user admin [preauth]
May 31 10:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30325]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.50.90
May 31 10:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30325]: Failed password for invalid user admin from 182.93.50.90 port 59710 ssh2
May 31 10:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30325]: Received disconnect from 182.93.50.90 port 59710:11: Bye Bye [preauth]
May 31 10:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30325]: Disconnected from 182.93.50.90 port 59710 [preauth]
May 31 10:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: Failed password for root from 202.133.90.219 port 60958 ssh2
May 31 10:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30358]: Invalid user amits from 187.210.77.100
May 31 10:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30358]: input_userauth_request: invalid user amits [preauth]
May 31 10:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30358]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.210.77.100
May 31 10:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: Connection closed by 202.133.90.219 port 60958 [preauth]
May 31 10:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30358]: Failed password for invalid user amits from 187.210.77.100 port 60272 ssh2
May 31 10:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30358]: Received disconnect from 187.210.77.100 port 60272:11: Bye Bye [preauth]
May 31 10:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30358]: Disconnected from 187.210.77.100 port 60272 [preauth]
May 31 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30388]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30389]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30386]: pam_unix(cron:session): session closed for user p13x
May 31 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30448]: Successful su for rubyman by root
May 31 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30448]: + ??? root:rubyman
May 31 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428843 of user rubyman.
May 31 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30448]: pam_unix(su:session): session closed for user rubyman
May 31 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428843.
May 31 10:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27598]: pam_unix(cron:session): session closed for user root
May 31 10:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30387]: pam_unix(cron:session): session closed for user samftp
May 31 10:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29426]: pam_unix(cron:session): session closed for user root
May 31 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
May 31 10:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: Failed password for root from 193.37.70.224 port 55518 ssh2
May 31 10:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: Connection closed by 193.37.70.224 port 55518 [preauth]
May 31 10:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30773]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 10:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30773]: Received disconnect from 91.98.151.17 port 60860:11: disconnected by user [preauth]
May 31 10:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30773]: Disconnected from 91.98.151.17 port 60860 [preauth]
May 31 10:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30748]: Failed password for root from 202.133.90.219 port 39476 ssh2
May 31 10:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30748]: Connection closed by 202.133.90.219 port 39476 [preauth]
May 31 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30803]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30806]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30801]: pam_unix(cron:session): session closed for user p13x
May 31 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30867]: Successful su for rubyman by root
May 31 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30867]: + ??? root:rubyman
May 31 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428846 of user rubyman.
May 31 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30867]: pam_unix(su:session): session closed for user rubyman
May 31 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428846.
May 31 10:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28033]: pam_unix(cron:session): session closed for user root
May 31 10:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30802]: pam_unix(cron:session): session closed for user samftp
May 31 10:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
May 31 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31176]: Failed password for root from 103.172.78.219 port 51444 ssh2
May 31 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31176]: Connection closed by 103.172.78.219 port 51444 [preauth]
May 31 10:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
May 31 10:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31205]: Failed password for root from 51.250.105.222 port 57354 ssh2
May 31 10:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31205]: Connection closed by 51.250.105.222 port 57354 [preauth]
May 31 10:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29965]: pam_unix(cron:session): session closed for user root
May 31 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31270]: Failed password for root from 202.133.90.219 port 53484 ssh2
May 31 10:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31270]: Connection closed by 202.133.90.219 port 53484 [preauth]
May 31 10:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
May 31 10:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31289]: Failed password for root from 185.156.73.233 port 45342 ssh2
May 31 10:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31289]: Connection closed by 185.156.73.233 port 45342 [preauth]
May 31 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31311]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31309]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31310]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31308]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31311]: pam_unix(cron:session): session closed for user root
May 31 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31306]: pam_unix(cron:session): session closed for user p13x
May 31 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31379]: Successful su for rubyman by root
May 31 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31379]: + ??? root:rubyman
May 31 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428853 of user rubyman.
May 31 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31379]: pam_unix(su:session): session closed for user rubyman
May 31 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428853.
May 31 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28475]: pam_unix(cron:session): session closed for user root
May 31 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31308]: pam_unix(cron:session): session closed for user root
May 31 10:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31307]: pam_unix(cron:session): session closed for user samftp
May 31 10:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.50.90  user=root
May 31 10:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31667]: Failed password for root from 182.93.50.90 port 37722 ssh2
May 31 10:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31667]: Received disconnect from 182.93.50.90 port 37722:11: Bye Bye [preauth]
May 31 10:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31667]: Disconnected from 182.93.50.90 port 37722 [preauth]
May 31 10:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: Invalid user es from 187.210.77.100
May 31 10:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: input_userauth_request: invalid user es [preauth]
May 31 10:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.210.77.100
May 31 10:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: Failed password for invalid user es from 187.210.77.100 port 48290 ssh2
May 31 10:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: Received disconnect from 187.210.77.100 port 48290:11: Bye Bye [preauth]
May 31 10:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: Disconnected from 187.210.77.100 port 48290 [preauth]
May 31 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30389]: pam_unix(cron:session): session closed for user root
May 31 10:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: Failed password for root from 202.133.90.219 port 49380 ssh2
May 31 10:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: Connection closed by 202.133.90.219 port 49380 [preauth]
May 31 10:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Invalid user ubuntu from 80.94.92.182
May 31 10:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: input_userauth_request: invalid user ubuntu [preauth]
May 31 10:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 10:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Failed password for invalid user ubuntu from 80.94.92.182 port 38696 ssh2
May 31 10:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Connection closed by 80.94.92.182 port 38696 [preauth]
May 31 10:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
May 31 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31851]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31852]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31849]: pam_unix(cron:session): session closed for user p13x
May 31 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31919]: Successful su for rubyman by root
May 31 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31919]: + ??? root:rubyman
May 31 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428856 of user rubyman.
May 31 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31919]: pam_unix(su:session): session closed for user rubyman
May 31 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428856.
May 31 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: Failed password for root from 103.15.222.183 port 51102 ssh2
May 31 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: Connection closed by 103.15.222.183 port 51102 [preauth]
May 31 10:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28969]: pam_unix(cron:session): session closed for user root
May 31 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31850]: pam_unix(cron:session): session closed for user samftp
May 31 10:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.82.76.2  user=root
May 31 10:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: Failed password for root from 170.82.76.2 port 51737 ssh2
May 31 10:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: Connection closed by 170.82.76.2 port 51737 [preauth]
May 31 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30806]: pam_unix(cron:session): session closed for user root
May 31 10:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: Failed password for root from 202.133.90.219 port 60806 ssh2
May 31 10:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: Connection closed by 202.133.90.219 port 60806 [preauth]
May 31 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32268]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32269]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32266]: pam_unix(cron:session): session closed for user p13x
May 31 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32324]: Successful su for rubyman by root
May 31 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32324]: + ??? root:rubyman
May 31 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428861 of user rubyman.
May 31 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32324]: pam_unix(su:session): session closed for user rubyman
May 31 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428861.
May 31 10:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29425]: pam_unix(cron:session): session closed for user root
May 31 10:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32267]: pam_unix(cron:session): session closed for user samftp
May 31 10:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31310]: pam_unix(cron:session): session closed for user root
May 31 10:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.50.90  user=root
May 31 10:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: Failed password for root from 182.93.50.90 port 56196 ssh2
May 31 10:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: Received disconnect from 182.93.50.90 port 56196:11: Bye Bye [preauth]
May 31 10:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: Disconnected from 182.93.50.90 port 56196 [preauth]
May 31 10:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: Failed password for root from 202.133.90.219 port 35484 ssh2
May 31 10:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: Connection closed by 202.133.90.219 port 35484 [preauth]
May 31 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32684]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32685]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32682]: pam_unix(cron:session): session closed for user p13x
May 31 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32752]: Successful su for rubyman by root
May 31 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32752]: + ??? root:rubyman
May 31 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428866 of user rubyman.
May 31 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32752]: pam_unix(su:session): session closed for user rubyman
May 31 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428866.
May 31 10:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29964]: pam_unix(cron:session): session closed for user root
May 31 10:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32683]: pam_unix(cron:session): session closed for user samftp
May 31 10:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: Invalid user cloud from 187.210.77.100
May 31 10:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: input_userauth_request: invalid user cloud [preauth]
May 31 10:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.210.77.100
May 31 10:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: Failed password for invalid user cloud from 187.210.77.100 port 59618 ssh2
May 31 10:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: Received disconnect from 187.210.77.100 port 59618:11: Bye Bye [preauth]
May 31 10:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: Disconnected from 187.210.77.100 port 59618 [preauth]
May 31 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31852]: pam_unix(cron:session): session closed for user root
May 31 10:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[741]: Failed password for root from 202.133.90.219 port 51602 ssh2
May 31 10:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[741]: Connection closed by 202.133.90.219 port 51602 [preauth]
May 31 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[777]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[776]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[772]: pam_unix(cron:session): session closed for user p13x
May 31 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[841]: Successful su for rubyman by root
May 31 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[841]: + ??? root:rubyman
May 31 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428868 of user rubyman.
May 31 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[841]: pam_unix(su:session): session closed for user rubyman
May 31 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428868.
May 31 10:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30388]: pam_unix(cron:session): session closed for user root
May 31 10:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[773]: pam_unix(cron:session): session closed for user samftp
May 31 10:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: Invalid user tuan from 43.228.112.254
May 31 10:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: input_userauth_request: invalid user tuan [preauth]
May 31 10:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.228.112.254
May 31 10:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: Failed password for invalid user tuan from 43.228.112.254 port 43858 ssh2
May 31 10:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: Received disconnect from 43.228.112.254 port 43858:11: Bye Bye [preauth]
May 31 10:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: Disconnected from 43.228.112.254 port 43858 [preauth]
May 31 10:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32269]: pam_unix(cron:session): session closed for user root
May 31 10:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Invalid user ubuntu from 80.94.92.182
May 31 10:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: input_userauth_request: invalid user ubuntu [preauth]
May 31 10:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: pam_unix(sshd:auth): check pass; user unknown
May 31 10:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 10:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Failed password for invalid user ubuntu from 80.94.92.182 port 41396 ssh2
May 31 10:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Connection closed by 80.94.92.182 port 41396 [preauth]
May 31 10:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 10:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 10:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Failed password for root from 202.133.90.219 port 36132 ssh2
May 31 10:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Connection closed by 202.133.90.219 port 36132 [preauth]
May 31 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1224]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1223]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1225]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1226]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1227]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1223]: pam_unix(cron:session): session closed for user root
May 31 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1227]: pam_unix(cron:session): session closed for user root
May 31 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1221]: pam_unix(cron:session): session closed for user p13x
May 31 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1329]: Successful su for rubyman by root
May 31 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1329]: + ??? root:rubyman
May 31 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428877 of user rubyman.
May 31 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1329]: pam_unix(su:session): session closed for user rubyman
May 31 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428877.
May 31 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30803]: pam_unix(cron:session): session closed for user root
May 31 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1224]: pam_unix(cron:session): session closed for user root
May 31 11:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1222]: pam_unix(cron:session): session closed for user samftp
May 31 11:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: Invalid user vaibhav from 182.93.50.90
May 31 11:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: input_userauth_request: invalid user vaibhav [preauth]
May 31 11:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.50.90
May 31 11:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: Failed password for invalid user vaibhav from 182.93.50.90 port 35636 ssh2
May 31 11:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: Received disconnect from 182.93.50.90 port 35636:11: Bye Bye [preauth]
May 31 11:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: Disconnected from 182.93.50.90 port 35636 [preauth]
May 31 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32685]: pam_unix(cron:session): session closed for user root
May 31 11:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
May 31 11:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: Failed password for root from 103.77.242.62 port 40440 ssh2
May 31 11:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: Connection closed by 103.77.242.62 port 40440 [preauth]
May 31 11:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: Invalid user ubuntu from 187.210.77.100
May 31 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: input_userauth_request: invalid user ubuntu [preauth]
May 31 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.210.77.100
May 31 11:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: Failed password for root from 202.133.90.219 port 44174 ssh2
May 31 11:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: Failed password for invalid user ubuntu from 187.210.77.100 port 57420 ssh2
May 31 11:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: Received disconnect from 187.210.77.100 port 57420:11: Bye Bye [preauth]
May 31 11:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: Disconnected from 187.210.77.100 port 57420 [preauth]
May 31 11:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: Connection closed by 202.133.90.219 port 44174 [preauth]
May 31 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1888]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1889]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1883]: pam_unix(cron:session): session closed for user p13x
May 31 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1983]: Successful su for rubyman by root
May 31 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1983]: + ??? root:rubyman
May 31 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428880 of user rubyman.
May 31 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1983]: pam_unix(su:session): session closed for user rubyman
May 31 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428880.
May 31 11:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
May 31 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31309]: pam_unix(cron:session): session closed for user root
May 31 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1885]: pam_unix(cron:session): session closed for user samftp
May 31 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2135]: Failed password for root from 94.159.110.201 port 56672 ssh2
May 31 11:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2135]: Connection closed by 94.159.110.201 port 56672 [preauth]
May 31 11:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[777]: pam_unix(cron:session): session closed for user root
May 31 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2352]: Failed password for root from 202.133.90.219 port 36682 ssh2
May 31 11:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2352]: Connection closed by 202.133.90.219 port 36682 [preauth]
May 31 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2382]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2383]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2380]: pam_unix(cron:session): session closed for user p13x
May 31 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2440]: Successful su for rubyman by root
May 31 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2440]: + ??? root:rubyman
May 31 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428884 of user rubyman.
May 31 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2440]: pam_unix(su:session): session closed for user rubyman
May 31 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428884.
May 31 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31851]: pam_unix(cron:session): session closed for user root
May 31 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2381]: pam_unix(cron:session): session closed for user samftp
May 31 11:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1226]: pam_unix(cron:session): session closed for user root
May 31 11:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.50.90  user=root
May 31 11:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Failed password for root from 182.93.50.90 port 42404 ssh2
May 31 11:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Received disconnect from 182.93.50.90 port 42404:11: Bye Bye [preauth]
May 31 11:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Disconnected from 182.93.50.90 port 42404 [preauth]
May 31 11:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: Failed password for root from 202.133.90.219 port 46340 ssh2
May 31 11:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: Connection closed by 202.133.90.219 port 46340 [preauth]
May 31 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2805]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2806]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2803]: pam_unix(cron:session): session closed for user p13x
May 31 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2868]: Successful su for rubyman by root
May 31 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2868]: + ??? root:rubyman
May 31 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428888 of user rubyman.
May 31 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2868]: pam_unix(su:session): session closed for user rubyman
May 31 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428888.
May 31 11:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32268]: pam_unix(cron:session): session closed for user root
May 31 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2804]: pam_unix(cron:session): session closed for user samftp
May 31 11:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: Invalid user ubuntu from 80.94.92.182
May 31 11:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: input_userauth_request: invalid user ubuntu [preauth]
May 31 11:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 11:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: Failed password for invalid user ubuntu from 80.94.92.182 port 44112 ssh2
May 31 11:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: Connection closed by 80.94.92.182 port 44112 [preauth]
May 31 11:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3084]: Received disconnect from 185.191.165.57 port 33914:11: disconnected by user [preauth]
May 31 11:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3084]: Disconnected from 185.191.165.57 port 33914 [preauth]
May 31 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1889]: pam_unix(cron:session): session closed for user root
May 31 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
May 31 11:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Failed password for root from 46.19.67.181 port 38130 ssh2
May 31 11:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Connection closed by 46.19.67.181 port 38130 [preauth]
May 31 11:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3150]: Invalid user testing from 187.210.77.100
May 31 11:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3150]: input_userauth_request: invalid user testing [preauth]
May 31 11:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3150]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.210.77.100
May 31 11:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3150]: Failed password for invalid user testing from 187.210.77.100 port 57984 ssh2
May 31 11:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3150]: Received disconnect from 187.210.77.100 port 57984:11: Bye Bye [preauth]
May 31 11:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3150]: Disconnected from 187.210.77.100 port 57984 [preauth]
May 31 11:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
May 31 11:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Failed password for root from 109.237.96.109 port 43020 ssh2
May 31 11:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Connection closed by 109.237.96.109 port 43020 [preauth]
May 31 11:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3214]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3212]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3210]: pam_unix(cron:session): session closed for user p13x
May 31 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3277]: Successful su for rubyman by root
May 31 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3277]: + ??? root:rubyman
May 31 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428893 of user rubyman.
May 31 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3277]: pam_unix(su:session): session closed for user rubyman
May 31 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428893.
May 31 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Failed password for root from 202.133.90.219 port 34292 ssh2
May 31 11:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Connection closed by 202.133.90.219 port 34292 [preauth]
May 31 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32684]: pam_unix(cron:session): session closed for user root
May 31 11:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3211]: pam_unix(cron:session): session closed for user samftp
May 31 11:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
May 31 11:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: Failed password for root from 147.45.199.80 port 45846 ssh2
May 31 11:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: Connection closed by 147.45.199.80 port 45846 [preauth]
May 31 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2383]: pam_unix(cron:session): session closed for user root
May 31 11:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.197.250  user=root
May 31 11:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3589]: Failed password for root from 147.45.197.250 port 54784 ssh2
May 31 11:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3589]: Connection closed by 147.45.197.250 port 54784 [preauth]
May 31 11:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3615]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3614]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3613]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3616]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3616]: pam_unix(cron:session): session closed for user root
May 31 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3611]: pam_unix(cron:session): session closed for user p13x
May 31 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3681]: Successful su for rubyman by root
May 31 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3681]: + ??? root:rubyman
May 31 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428895 of user rubyman.
May 31 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3681]: pam_unix(su:session): session closed for user rubyman
May 31 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428895.
May 31 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[776]: pam_unix(cron:session): session closed for user root
May 31 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3613]: pam_unix(cron:session): session closed for user root
May 31 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: Failed password for root from 202.133.90.219 port 39456 ssh2
May 31 11:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: Connection closed by 202.133.90.219 port 39456 [preauth]
May 31 11:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3612]: pam_unix(cron:session): session closed for user samftp
May 31 11:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: Invalid user openeuler from 182.93.50.90
May 31 11:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: input_userauth_request: invalid user openeuler [preauth]
May 31 11:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.50.90
May 31 11:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: Failed password for invalid user openeuler from 182.93.50.90 port 52618 ssh2
May 31 11:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: Received disconnect from 182.93.50.90 port 52618:11: Bye Bye [preauth]
May 31 11:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: Disconnected from 182.93.50.90 port 52618 [preauth]
May 31 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2806]: pam_unix(cron:session): session closed for user root
May 31 11:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4236]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4234]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4233]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4232]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4232]: pam_unix(cron:session): session closed for user p13x
May 31 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4310]: Successful su for rubyman by root
May 31 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4310]: + ??? root:rubyman
May 31 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4310]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428902 of user rubyman.
May 31 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4310]: pam_unix(su:session): session closed for user rubyman
May 31 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428902.
May 31 11:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1225]: pam_unix(cron:session): session closed for user root
May 31 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4233]: pam_unix(cron:session): session closed for user samftp
May 31 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Failed password for root from 202.133.90.219 port 51362 ssh2
May 31 11:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Connection closed by 202.133.90.219 port 51362 [preauth]
May 31 11:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.210.77.100  user=root
May 31 11:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: Failed password for root from 187.210.77.100 port 58938 ssh2
May 31 11:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: Received disconnect from 187.210.77.100 port 58938:11: Bye Bye [preauth]
May 31 11:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: Disconnected from 187.210.77.100 port 58938 [preauth]
May 31 11:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3214]: pam_unix(cron:session): session closed for user root
May 31 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4652]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4651]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4649]: pam_unix(cron:session): session closed for user p13x
May 31 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4711]: Successful su for rubyman by root
May 31 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4711]: + ??? root:rubyman
May 31 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428907 of user rubyman.
May 31 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4711]: pam_unix(su:session): session closed for user rubyman
May 31 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428907.
May 31 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1888]: pam_unix(cron:session): session closed for user root
May 31 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4741]: Invalid user minima from 80.94.92.182
May 31 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4741]: input_userauth_request: invalid user minima [preauth]
May 31 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4741]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 11:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4650]: pam_unix(cron:session): session closed for user samftp
May 31 11:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4741]: Failed password for invalid user minima from 80.94.92.182 port 46806 ssh2
May 31 11:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4741]: Connection closed by 80.94.92.182 port 46806 [preauth]
May 31 11:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4647]: Failed password for root from 202.133.90.219 port 52652 ssh2
May 31 11:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4647]: Connection closed by 202.133.90.219 port 52652 [preauth]
May 31 11:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3615]: pam_unix(cron:session): session closed for user root
May 31 11:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.93.50.90  user=root
May 31 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5046]: Failed password for root from 182.93.50.90 port 36060 ssh2
May 31 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5046]: Received disconnect from 182.93.50.90 port 36060:11: Bye Bye [preauth]
May 31 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5046]: Disconnected from 182.93.50.90 port 36060 [preauth]
May 31 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5063]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5062]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5060]: pam_unix(cron:session): session closed for user p13x
May 31 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5118]: Successful su for rubyman by root
May 31 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5118]: + ??? root:rubyman
May 31 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5118]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428910 of user rubyman.
May 31 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5118]: pam_unix(su:session): session closed for user rubyman
May 31 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428910.
May 31 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2382]: pam_unix(cron:session): session closed for user root
May 31 11:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5057]: Failed password for root from 202.133.90.219 port 35772 ssh2
May 31 11:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5061]: pam_unix(cron:session): session closed for user samftp
May 31 11:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5057]: Connection closed by 202.133.90.219 port 35772 [preauth]
May 31 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4236]: pam_unix(cron:session): session closed for user root
May 31 11:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.173.227.57  user=root
May 31 11:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: Failed password for root from 103.173.227.57 port 33622 ssh2
May 31 11:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: Connection closed by 103.173.227.57 port 33622 [preauth]
May 31 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5461]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5462]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5457]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5459]: pam_unix(cron:session): session closed for user p13x
May 31 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5586]: Successful su for rubyman by root
May 31 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5586]: + ??? root:rubyman
May 31 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428915 of user rubyman.
May 31 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5586]: pam_unix(su:session): session closed for user rubyman
May 31 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428915.
May 31 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5457]: pam_unix(cron:session): session closed for user root
May 31 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5562]: Invalid user hamed from 187.210.77.100
May 31 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5562]: input_userauth_request: invalid user hamed [preauth]
May 31 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5562]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.210.77.100
May 31 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2805]: pam_unix(cron:session): session closed for user root
May 31 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5562]: Failed password for invalid user hamed from 187.210.77.100 port 44354 ssh2
May 31 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5562]: Received disconnect from 187.210.77.100 port 44354:11: Bye Bye [preauth]
May 31 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5562]: Disconnected from 187.210.77.100 port 44354 [preauth]
May 31 11:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5460]: pam_unix(cron:session): session closed for user samftp
May 31 11:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: Failed password for root from 202.133.90.219 port 41594 ssh2
May 31 11:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: Connection closed by 202.133.90.219 port 41594 [preauth]
May 31 11:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.191.14.243  user=root
May 31 11:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5820]: Failed password for root from 103.191.14.243 port 34578 ssh2
May 31 11:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5820]: Received disconnect from 103.191.14.243 port 34578:11: Bye Bye [preauth]
May 31 11:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5820]: Disconnected from 103.191.14.243 port 34578 [preauth]
May 31 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4652]: pam_unix(cron:session): session closed for user root
May 31 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.228.112.254  user=root
May 31 11:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5917]: Failed password for root from 43.228.112.254 port 46276 ssh2
May 31 11:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5917]: Received disconnect from 43.228.112.254 port 46276:11: Bye Bye [preauth]
May 31 11:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5917]: Disconnected from 43.228.112.254 port 46276 [preauth]
May 31 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5936]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5940]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5941]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5938]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5939]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5937]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5941]: pam_unix(cron:session): session closed for user root
May 31 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5936]: pam_unix(cron:session): session closed for user p13x
May 31 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6001]: Successful su for rubyman by root
May 31 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6001]: + ??? root:rubyman
May 31 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6001]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428922 of user rubyman.
May 31 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6001]: pam_unix(su:session): session closed for user rubyman
May 31 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428922.
May 31 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5938]: pam_unix(cron:session): session closed for user root
May 31 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3212]: pam_unix(cron:session): session closed for user root
May 31 11:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5937]: pam_unix(cron:session): session closed for user samftp
May 31 11:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6202]: Failed password for root from 202.133.90.219 port 51348 ssh2
May 31 11:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6202]: Connection closed by 202.133.90.219 port 51348 [preauth]
May 31 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5063]: pam_unix(cron:session): session closed for user root
May 31 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6355]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6354]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6352]: pam_unix(cron:session): session closed for user p13x
May 31 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6418]: Successful su for rubyman by root
May 31 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6418]: + ??? root:rubyman
May 31 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428925 of user rubyman.
May 31 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6418]: pam_unix(su:session): session closed for user rubyman
May 31 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428925.
May 31 11:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3614]: pam_unix(cron:session): session closed for user root
May 31 11:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
May 31 11:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6353]: pam_unix(cron:session): session closed for user samftp
May 31 11:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6570]: Failed password for root from 103.149.28.157 port 49730 ssh2
May 31 11:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6570]: Connection closed by 103.149.28.157 port 49730 [preauth]
May 31 11:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6597]: Failed password for root from 202.133.90.219 port 58318 ssh2
May 31 11:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6597]: Connection closed by 202.133.90.219 port 58318 [preauth]
May 31 11:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6627]: Invalid user ops from 80.94.92.182
May 31 11:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6627]: input_userauth_request: invalid user ops [preauth]
May 31 11:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6627]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 11:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6627]: Failed password for invalid user ops from 80.94.92.182 port 49518 ssh2
May 31 11:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6627]: Connection closed by 80.94.92.182 port 49518 [preauth]
May 31 11:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.191.14.243  user=root
May 31 11:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: Failed password for root from 103.191.14.243 port 35406 ssh2
May 31 11:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: Invalid user mapr from 43.228.112.254
May 31 11:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: input_userauth_request: invalid user mapr [preauth]
May 31 11:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.228.112.254
May 31 11:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: Received disconnect from 103.191.14.243 port 35406:11: Bye Bye [preauth]
May 31 11:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: Disconnected from 103.191.14.243 port 35406 [preauth]
May 31 11:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: Failed password for invalid user mapr from 43.228.112.254 port 36450 ssh2
May 31 11:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: Received disconnect from 43.228.112.254 port 36450:11: Bye Bye [preauth]
May 31 11:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: Disconnected from 43.228.112.254 port 36450 [preauth]
May 31 11:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5462]: pam_unix(cron:session): session closed for user root
May 31 11:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.210.77.100  user=root
May 31 11:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6731]: Failed password for root from 187.210.77.100 port 58154 ssh2
May 31 11:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6731]: Received disconnect from 187.210.77.100 port 58154:11: Bye Bye [preauth]
May 31 11:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6731]: Disconnected from 187.210.77.100 port 58154 [preauth]
May 31 11:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
May 31 11:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6742]: Failed password for root from 185.156.73.233 port 33678 ssh2
May 31 11:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6742]: Connection closed by 185.156.73.233 port 33678 [preauth]
May 31 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6775]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6772]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6773]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6771]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6771]: pam_unix(cron:session): session closed for user p13x
May 31 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6839]: Successful su for rubyman by root
May 31 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6839]: + ??? root:rubyman
May 31 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428928 of user rubyman.
May 31 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6839]: pam_unix(su:session): session closed for user rubyman
May 31 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428928.
May 31 11:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4234]: pam_unix(cron:session): session closed for user root
May 31 11:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6772]: pam_unix(cron:session): session closed for user samftp
May 31 11:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7070]: Failed password for root from 202.133.90.219 port 39048 ssh2
May 31 11:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7070]: Connection closed by 202.133.90.219 port 39048 [preauth]
May 31 11:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5940]: pam_unix(cron:session): session closed for user root
May 31 11:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.98.239  user=root
May 31 11:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7208]: Failed password for root from 94.159.98.239 port 57200 ssh2
May 31 11:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7208]: Connection closed by 94.159.98.239 port 57200 [preauth]
May 31 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7270]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7271]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7268]: pam_unix(cron:session): session closed for user p13x
May 31 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7330]: Successful su for rubyman by root
May 31 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7330]: + ??? root:rubyman
May 31 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428932 of user rubyman.
May 31 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7330]: pam_unix(su:session): session closed for user rubyman
May 31 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428932.
May 31 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4651]: pam_unix(cron:session): session closed for user root
May 31 11:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7269]: pam_unix(cron:session): session closed for user samftp
May 31 11:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Invalid user ftp_user from 103.191.14.243
May 31 11:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: input_userauth_request: invalid user ftp_user [preauth]
May 31 11:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.191.14.243
May 31 11:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.228.112.254  user=root
May 31 11:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Failed password for invalid user ftp_user from 103.191.14.243 port 49072 ssh2
May 31 11:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Received disconnect from 103.191.14.243 port 49072:11: Bye Bye [preauth]
May 31 11:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Disconnected from 103.191.14.243 port 49072 [preauth]
May 31 11:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: Failed password for root from 43.228.112.254 port 53502 ssh2
May 31 11:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: Received disconnect from 43.228.112.254 port 53502:11: Bye Bye [preauth]
May 31 11:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: Disconnected from 43.228.112.254 port 53502 [preauth]
May 31 11:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7536]: Failed password for root from 202.133.90.219 port 40488 ssh2
May 31 11:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7536]: Connection closed by 202.133.90.219 port 40488 [preauth]
May 31 11:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6355]: pam_unix(cron:session): session closed for user root
May 31 11:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7750]: Received disconnect from 141.95.156.38 port 46674:11: disconnected by user [preauth]
May 31 11:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7750]: Disconnected from 141.95.156.38 port 46674 [preauth]
May 31 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7774]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7773]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7772]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7770]: pam_unix(cron:session): session closed for user p13x
May 31 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7828]: Successful su for rubyman by root
May 31 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7828]: + ??? root:rubyman
May 31 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428936 of user rubyman.
May 31 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7828]: pam_unix(su:session): session closed for user rubyman
May 31 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428936.
May 31 11:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5062]: pam_unix(cron:session): session closed for user root
May 31 11:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7772]: pam_unix(cron:session): session closed for user samftp
May 31 11:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8031]: Failed password for root from 202.133.90.219 port 45698 ssh2
May 31 11:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8031]: Connection closed by 202.133.90.219 port 45698 [preauth]
May 31 11:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221  user=root
May 31 11:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8043]: Failed password for root from 210.79.142.221 port 44642 ssh2
May 31 11:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8043]: Received disconnect from 210.79.142.221 port 44642:11: Bye Bye [preauth]
May 31 11:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8043]: Disconnected from 210.79.142.221 port 44642 [preauth]
May 31 11:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6775]: pam_unix(cron:session): session closed for user root
May 31 11:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
May 31 11:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8094]: Failed password for root from 103.82.132.16 port 47322 ssh2
May 31 11:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8094]: Connection closed by 103.82.132.16 port 47322 [preauth]
May 31 11:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: Invalid user teste from 43.228.112.254
May 31 11:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: input_userauth_request: invalid user teste [preauth]
May 31 11:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.228.112.254
May 31 11:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: Failed password for invalid user teste from 43.228.112.254 port 48258 ssh2
May 31 11:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: Received disconnect from 43.228.112.254 port 48258:11: Bye Bye [preauth]
May 31 11:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: Disconnected from 43.228.112.254 port 48258 [preauth]
May 31 11:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.191.14.243  user=root
May 31 11:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8140]: Failed password for root from 103.191.14.243 port 56452 ssh2
May 31 11:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8140]: Received disconnect from 103.191.14.243 port 56452:11: Bye Bye [preauth]
May 31 11:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8140]: Disconnected from 103.191.14.243 port 56452 [preauth]
May 31 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8172]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8174]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8170]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8173]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8171]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8174]: pam_unix(cron:session): session closed for user root
May 31 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8169]: pam_unix(cron:session): session closed for user p13x
May 31 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8235]: Successful su for rubyman by root
May 31 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8235]: + ??? root:rubyman
May 31 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428943 of user rubyman.
May 31 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8235]: pam_unix(su:session): session closed for user rubyman
May 31 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428943.
May 31 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8171]: pam_unix(cron:session): session closed for user root
May 31 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5461]: pam_unix(cron:session): session closed for user root
May 31 11:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8170]: pam_unix(cron:session): session closed for user samftp
May 31 11:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: Failed password for root from 202.133.90.219 port 58642 ssh2
May 31 11:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: Connection closed by 202.133.90.219 port 58642 [preauth]
May 31 11:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7271]: pam_unix(cron:session): session closed for user root
May 31 11:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: Invalid user operation from 80.94.92.182
May 31 11:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: input_userauth_request: invalid user operation [preauth]
May 31 11:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 11:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: Failed password for invalid user operation from 80.94.92.182 port 52242 ssh2
May 31 11:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: Connection closed by 80.94.92.182 port 52242 [preauth]
May 31 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8594]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8595]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8592]: pam_unix(cron:session): session closed for user p13x
May 31 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8658]: Successful su for rubyman by root
May 31 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8658]: + ??? root:rubyman
May 31 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428946 of user rubyman.
May 31 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8658]: pam_unix(su:session): session closed for user rubyman
May 31 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428946.
May 31 11:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5939]: pam_unix(cron:session): session closed for user root
May 31 11:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8593]: pam_unix(cron:session): session closed for user samftp
May 31 11:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Invalid user nathaniel from 43.228.112.254
May 31 11:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: input_userauth_request: invalid user nathaniel [preauth]
May 31 11:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.228.112.254
May 31 11:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.22.41  user=root
May 31 11:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Failed password for invalid user nathaniel from 43.228.112.254 port 38026 ssh2
May 31 11:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Received disconnect from 43.228.112.254 port 38026:11: Bye Bye [preauth]
May 31 11:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Disconnected from 43.228.112.254 port 38026 [preauth]
May 31 11:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: Failed password for root from 185.236.22.41 port 54284 ssh2
May 31 11:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: Connection closed by 185.236.22.41 port 54284 [preauth]
May 31 11:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.191.14.243  user=root
May 31 11:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: Failed password for root from 103.191.14.243 port 45964 ssh2
May 31 11:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: Received disconnect from 103.191.14.243 port 45964:11: Bye Bye [preauth]
May 31 11:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: Disconnected from 103.191.14.243 port 45964 [preauth]
May 31 11:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: Failed password for root from 202.133.90.219 port 37576 ssh2
May 31 11:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: Connection closed by 202.133.90.219 port 37576 [preauth]
May 31 11:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7774]: pam_unix(cron:session): session closed for user root
May 31 11:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: Connection closed by 211.94.218.165 port 49214 [preauth]
May 31 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9003]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9004]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9000]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8998]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8998]: pam_unix(cron:session): session closed for user root
May 31 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9000]: pam_unix(cron:session): session closed for user p13x
May 31 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9073]: Successful su for rubyman by root
May 31 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9073]: + ??? root:rubyman
May 31 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428953 of user rubyman.
May 31 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9073]: pam_unix(su:session): session closed for user rubyman
May 31 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428953.
May 31 11:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6354]: pam_unix(cron:session): session closed for user root
May 31 11:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9002]: pam_unix(cron:session): session closed for user samftp
May 31 11:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9310]: Failed password for root from 202.133.90.219 port 43452 ssh2
May 31 11:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9310]: Connection closed by 202.133.90.219 port 43452 [preauth]
May 31 11:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Invalid user root2 from 183.104.26.197
May 31 11:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: input_userauth_request: invalid user root2 [preauth]
May 31 11:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.104.26.197
May 31 11:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8173]: pam_unix(cron:session): session closed for user root
May 31 11:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Failed password for invalid user root2 from 183.104.26.197 port 43282 ssh2
May 31 11:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Received disconnect from 183.104.26.197 port 43282:11: Bye Bye [preauth]
May 31 11:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Disconnected from 183.104.26.197 port 43282 [preauth]
May 31 11:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.73.129  user=root
May 31 11:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9370]: Failed password for root from 138.124.73.129 port 22774 ssh2
May 31 11:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9370]: Received disconnect from 138.124.73.129 port 22774:11: Bye Bye [preauth]
May 31 11:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9370]: Disconnected from 138.124.73.129 port 22774 [preauth]
May 31 11:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.228.112.254  user=root
May 31 11:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: Failed password for root from 43.228.112.254 port 46180 ssh2
May 31 11:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: Received disconnect from 43.228.112.254 port 46180:11: Bye Bye [preauth]
May 31 11:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: Disconnected from 43.228.112.254 port 46180 [preauth]
May 31 11:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9399]: Invalid user mapr from 103.191.14.243
May 31 11:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9399]: input_userauth_request: invalid user mapr [preauth]
May 31 11:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9399]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.191.14.243
May 31 11:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9399]: Failed password for invalid user mapr from 103.191.14.243 port 38550 ssh2
May 31 11:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9399]: Received disconnect from 103.191.14.243 port 38550:11: Bye Bye [preauth]
May 31 11:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9399]: Disconnected from 103.191.14.243 port 38550 [preauth]
May 31 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9414]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9412]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9410]: pam_unix(cron:session): session closed for user p13x
May 31 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9469]: Successful su for rubyman by root
May 31 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9469]: + ??? root:rubyman
May 31 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428955 of user rubyman.
May 31 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9469]: pam_unix(su:session): session closed for user rubyman
May 31 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428955.
May 31 11:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6773]: pam_unix(cron:session): session closed for user root
May 31 11:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9411]: pam_unix(cron:session): session closed for user samftp
May 31 11:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.228.128.84  user=root
May 31 11:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Failed password for root from 193.228.128.84 port 47030 ssh2
May 31 11:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Connection closed by 193.228.128.84 port 47030 [preauth]
May 31 11:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221  user=root
May 31 11:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9681]: Failed password for root from 210.79.142.221 port 47512 ssh2
May 31 11:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9681]: Received disconnect from 210.79.142.221 port 47512:11: Bye Bye [preauth]
May 31 11:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9681]: Disconnected from 210.79.142.221 port 47512 [preauth]
May 31 11:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9691]: Failed password for root from 202.133.90.219 port 54646 ssh2
May 31 11:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9691]: Connection closed by 202.133.90.219 port 54646 [preauth]
May 31 11:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8595]: pam_unix(cron:session): session closed for user root
May 31 11:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.199.19.57  user=root
May 31 11:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9739]: Failed password for root from 103.199.19.57 port 53802 ssh2
May 31 11:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9739]: Received disconnect from 103.199.19.57 port 53802:11: Bye Bye [preauth]
May 31 11:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9739]: Disconnected from 103.199.19.57 port 53802 [preauth]
May 31 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9811]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9810]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9808]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9806]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9806]: pam_unix(cron:session): session closed for user p13x
May 31 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9881]: Successful su for rubyman by root
May 31 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9881]: + ??? root:rubyman
May 31 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428959 of user rubyman.
May 31 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9881]: pam_unix(su:session): session closed for user rubyman
May 31 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428959.
May 31 11:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7270]: pam_unix(cron:session): session closed for user root
May 31 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9808]: pam_unix(cron:session): session closed for user samftp
May 31 11:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10350]: Invalid user ftp_user from 43.228.112.254
May 31 11:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10350]: input_userauth_request: invalid user ftp_user [preauth]
May 31 11:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10350]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.228.112.254
May 31 11:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10350]: Failed password for invalid user ftp_user from 43.228.112.254 port 45132 ssh2
May 31 11:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10350]: Received disconnect from 43.228.112.254 port 45132:11: Bye Bye [preauth]
May 31 11:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10350]: Disconnected from 43.228.112.254 port 45132 [preauth]
May 31 11:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Invalid user kato from 173.254.234.162
May 31 11:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: input_userauth_request: invalid user kato [preauth]
May 31 11:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 11:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Failed password for invalid user kato from 173.254.234.162 port 44392 ssh2
May 31 11:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Connection closed by 173.254.234.162 port 44392 [preauth]
May 31 11:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: Invalid user teste from 103.191.14.243
May 31 11:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: input_userauth_request: invalid user teste [preauth]
May 31 11:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.191.14.243
May 31 11:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: Failed password for invalid user teste from 103.191.14.243 port 53342 ssh2
May 31 11:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: Received disconnect from 103.191.14.243 port 53342:11: Bye Bye [preauth]
May 31 11:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: Disconnected from 103.191.14.243 port 53342 [preauth]
May 31 11:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10384]: Failed password for root from 202.133.90.219 port 53620 ssh2
May 31 11:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10384]: Connection closed by 202.133.90.219 port 53620 [preauth]
May 31 11:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9004]: pam_unix(cron:session): session closed for user root
May 31 11:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: Invalid user opadmin from 80.94.92.182
May 31 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: input_userauth_request: invalid user opadmin [preauth]
May 31 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10481]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10480]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10479]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10482]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10482]: pam_unix(cron:session): session closed for user root
May 31 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10477]: pam_unix(cron:session): session closed for user p13x
May 31 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10556]: Successful su for rubyman by root
May 31 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10556]: + ??? root:rubyman
May 31 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428963 of user rubyman.
May 31 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10556]: pam_unix(su:session): session closed for user rubyman
May 31 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428963.
May 31 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: Failed password for invalid user opadmin from 80.94.92.182 port 54986 ssh2
May 31 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10479]: pam_unix(cron:session): session closed for user root
May 31 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: Connection closed by 80.94.92.182 port 54986 [preauth]
May 31 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7773]: pam_unix(cron:session): session closed for user root
May 31 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10478]: pam_unix(cron:session): session closed for user samftp
May 31 11:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 11:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Failed password for root from 38.93.206.2 port 34546 ssh2
May 31 11:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Connection closed by 38.93.206.2 port 34546 [preauth]
May 31 11:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9414]: pam_unix(cron:session): session closed for user root
May 31 11:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: Failed password for root from 202.133.90.219 port 59870 ssh2
May 31 11:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: Connection closed by 202.133.90.219 port 59870 [preauth]
May 31 11:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
May 31 11:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10891]: Failed password for root from 103.27.238.114 port 60868 ssh2
May 31 11:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10891]: Connection closed by 103.27.238.114 port 60868 [preauth]
May 31 11:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Invalid user user from 210.79.142.221
May 31 11:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: input_userauth_request: invalid user user [preauth]
May 31 11:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221
May 31 11:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Failed password for invalid user user from 210.79.142.221 port 53398 ssh2
May 31 11:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Received disconnect from 210.79.142.221 port 53398:11: Bye Bye [preauth]
May 31 11:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Disconnected from 210.79.142.221 port 53398 [preauth]
May 31 11:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: Invalid user user from 103.191.14.243
May 31 11:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: input_userauth_request: invalid user user [preauth]
May 31 11:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.191.14.243
May 31 11:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.228.112.254  user=root
May 31 11:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: Failed password for invalid user user from 103.191.14.243 port 59852 ssh2
May 31 11:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: Received disconnect from 103.191.14.243 port 59852:11: Bye Bye [preauth]
May 31 11:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: Disconnected from 103.191.14.243 port 59852 [preauth]
May 31 11:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: Failed password for root from 43.228.112.254 port 53590 ssh2
May 31 11:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: Received disconnect from 43.228.112.254 port 53590:11: Bye Bye [preauth]
May 31 11:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: Disconnected from 43.228.112.254 port 53590 [preauth]
May 31 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10952]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10953]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10950]: pam_unix(cron:session): session closed for user p13x
May 31 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11019]: Successful su for rubyman by root
May 31 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11019]: + ??? root:rubyman
May 31 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428970 of user rubyman.
May 31 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11019]: pam_unix(su:session): session closed for user rubyman
May 31 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428970.
May 31 11:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8172]: pam_unix(cron:session): session closed for user root
May 31 11:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10951]: pam_unix(cron:session): session closed for user samftp
May 31 11:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9811]: pam_unix(cron:session): session closed for user root
May 31 11:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: Failed password for root from 202.133.90.219 port 50440 ssh2
May 31 11:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: Connection closed by 202.133.90.219 port 50440 [preauth]
May 31 11:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: Connection closed by 45.148.10.121 port 39864 [preauth]
May 31 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11370]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11371]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11368]: pam_unix(cron:session): session closed for user p13x
May 31 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11438]: Successful su for rubyman by root
May 31 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11438]: + ??? root:rubyman
May 31 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11438]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428974 of user rubyman.
May 31 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11438]: pam_unix(su:session): session closed for user rubyman
May 31 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428974.
May 31 11:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8594]: pam_unix(cron:session): session closed for user root
May 31 11:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11369]: pam_unix(cron:session): session closed for user samftp
May 31 11:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11683]: Invalid user ociispth from 138.124.73.129
May 31 11:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11683]: input_userauth_request: invalid user ociispth [preauth]
May 31 11:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11683]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.73.129
May 31 11:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11683]: Failed password for invalid user ociispth from 138.124.73.129 port 47256 ssh2
May 31 11:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11683]: Received disconnect from 138.124.73.129 port 47256:11: Bye Bye [preauth]
May 31 11:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11683]: Disconnected from 138.124.73.129 port 47256 [preauth]
May 31 11:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.108.118.91  user=root
May 31 11:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11690]: Invalid user nathaniel from 103.191.14.243
May 31 11:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11690]: input_userauth_request: invalid user nathaniel [preauth]
May 31 11:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11690]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.191.14.243
May 31 11:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: Failed password for root from 89.108.118.91 port 50942 ssh2
May 31 11:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11698]: Invalid user user from 43.228.112.254
May 31 11:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11698]: input_userauth_request: invalid user user [preauth]
May 31 11:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11698]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.228.112.254
May 31 11:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: Connection closed by 89.108.118.91 port 50942 [preauth]
May 31 11:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11690]: Failed password for invalid user nathaniel from 103.191.14.243 port 39400 ssh2
May 31 11:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11690]: Received disconnect from 103.191.14.243 port 39400:11: Bye Bye [preauth]
May 31 11:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11690]: Disconnected from 103.191.14.243 port 39400 [preauth]
May 31 11:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11698]: Failed password for invalid user user from 43.228.112.254 port 41252 ssh2
May 31 11:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10481]: pam_unix(cron:session): session closed for user root
May 31 11:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11698]: Received disconnect from 43.228.112.254 port 41252:11: Bye Bye [preauth]
May 31 11:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11698]: Disconnected from 43.228.112.254 port 41252 [preauth]
May 31 11:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11700]: Failed password for root from 202.133.90.219 port 44294 ssh2
May 31 11:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11700]: Connection closed by 202.133.90.219 port 44294 [preauth]
May 31 11:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: Invalid user ubuntu from 183.104.26.197
May 31 11:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: input_userauth_request: invalid user ubuntu [preauth]
May 31 11:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.104.26.197
May 31 11:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: Failed password for invalid user ubuntu from 183.104.26.197 port 58218 ssh2
May 31 11:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: Received disconnect from 183.104.26.197 port 58218:11: Bye Bye [preauth]
May 31 11:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: Disconnected from 183.104.26.197 port 58218 [preauth]
May 31 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11827]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11828]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11825]: pam_unix(cron:session): session closed for user p13x
May 31 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11893]: Successful su for rubyman by root
May 31 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11893]: + ??? root:rubyman
May 31 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428978 of user rubyman.
May 31 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11893]: pam_unix(su:session): session closed for user rubyman
May 31 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428978.
May 31 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9003]: pam_unix(cron:session): session closed for user root
May 31 11:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11826]: pam_unix(cron:session): session closed for user samftp
May 31 11:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: Invalid user mapr from 210.79.142.221
May 31 11:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: input_userauth_request: invalid user mapr [preauth]
May 31 11:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221
May 31 11:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: Failed password for invalid user mapr from 210.79.142.221 port 54760 ssh2
May 31 11:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: Received disconnect from 210.79.142.221 port 54760:11: Bye Bye [preauth]
May 31 11:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: Disconnected from 210.79.142.221 port 54760 [preauth]
May 31 11:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12128]: Invalid user admin from 185.156.73.233
May 31 11:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12128]: input_userauth_request: invalid user admin [preauth]
May 31 11:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12128]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 11:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12128]: Failed password for invalid user admin from 185.156.73.233 port 30750 ssh2
May 31 11:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12128]: Connection closed by 185.156.73.233 port 30750 [preauth]
May 31 11:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10953]: pam_unix(cron:session): session closed for user root
May 31 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12174]: Invalid user rizki from 103.199.19.57
May 31 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12174]: input_userauth_request: invalid user rizki [preauth]
May 31 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12174]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.199.19.57
May 31 11:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12174]: Failed password for invalid user rizki from 103.199.19.57 port 36554 ssh2
May 31 11:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12174]: Received disconnect from 103.199.19.57 port 36554:11: Bye Bye [preauth]
May 31 11:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12174]: Disconnected from 103.199.19.57 port 36554 [preauth]
May 31 11:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: Failed password for root from 202.133.90.219 port 42648 ssh2
May 31 11:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: Connection closed by 202.133.90.219 port 42648 [preauth]
May 31 11:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: Invalid user ehsan from 138.124.73.129
May 31 11:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: input_userauth_request: invalid user ehsan [preauth]
May 31 11:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.73.129
May 31 11:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: Failed password for invalid user ehsan from 138.124.73.129 port 50514 ssh2
May 31 11:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: Received disconnect from 138.124.73.129 port 50514:11: Bye Bye [preauth]
May 31 11:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: Disconnected from 138.124.73.129 port 50514 [preauth]
May 31 11:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Invalid user psadmin from 80.94.92.182
May 31 11:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: input_userauth_request: invalid user psadmin [preauth]
May 31 11:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 11:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: Invalid user tuan from 103.191.14.243
May 31 11:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: input_userauth_request: invalid user tuan [preauth]
May 31 11:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.191.14.243
May 31 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12381]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12379]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12377]: pam_unix(cron:session): session closed for user p13x
May 31 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12446]: Successful su for rubyman by root
May 31 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12446]: + ??? root:rubyman
May 31 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428982 of user rubyman.
May 31 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12446]: pam_unix(su:session): session closed for user rubyman
May 31 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428982.
May 31 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Failed password for invalid user psadmin from 80.94.92.182 port 57710 ssh2
May 31 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: Failed password for invalid user tuan from 103.191.14.243 port 54224 ssh2
May 31 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: Received disconnect from 103.191.14.243 port 54224:11: Bye Bye [preauth]
May 31 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: Disconnected from 103.191.14.243 port 54224 [preauth]
May 31 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Connection closed by 80.94.92.182 port 57710 [preauth]
May 31 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9412]: pam_unix(cron:session): session closed for user root
May 31 11:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12378]: pam_unix(cron:session): session closed for user samftp
May 31 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11371]: pam_unix(cron:session): session closed for user root
May 31 11:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.104.26.197  user=root
May 31 11:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: Failed password for root from 183.104.26.197 port 42872 ssh2
May 31 11:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: Received disconnect from 183.104.26.197 port 42872:11: Bye Bye [preauth]
May 31 11:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: Disconnected from 183.104.26.197 port 42872 [preauth]
May 31 11:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: Failed password for root from 202.133.90.219 port 36546 ssh2
May 31 11:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: Connection closed by 202.133.90.219 port 36546 [preauth]
May 31 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12793]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session closed for user root
May 31 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12790]: pam_unix(cron:session): session closed for user p13x
May 31 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12870]: Successful su for rubyman by root
May 31 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12870]: + ??? root:rubyman
May 31 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428987 of user rubyman.
May 31 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12870]: pam_unix(su:session): session closed for user rubyman
May 31 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428987.
May 31 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session closed for user root
May 31 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9810]: pam_unix(cron:session): session closed for user root
May 31 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12791]: pam_unix(cron:session): session closed for user samftp
May 31 11:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: Invalid user hundsun from 103.199.19.57
May 31 11:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: input_userauth_request: invalid user hundsun [preauth]
May 31 11:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.199.19.57
May 31 11:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: Failed password for invalid user hundsun from 103.199.19.57 port 35720 ssh2
May 31 11:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: Received disconnect from 103.199.19.57 port 35720:11: Bye Bye [preauth]
May 31 11:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: Disconnected from 103.199.19.57 port 35720 [preauth]
May 31 11:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.73.129  user=root
May 31 11:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: Failed password for root from 138.124.73.129 port 14068 ssh2
May 31 11:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: Received disconnect from 138.124.73.129 port 14068:11: Bye Bye [preauth]
May 31 11:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: Disconnected from 138.124.73.129 port 14068 [preauth]
May 31 11:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13143]: Invalid user tuan from 210.79.142.221
May 31 11:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13143]: input_userauth_request: invalid user tuan [preauth]
May 31 11:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13143]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221
May 31 11:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13143]: Failed password for invalid user tuan from 210.79.142.221 port 47330 ssh2
May 31 11:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13143]: Received disconnect from 210.79.142.221 port 47330:11: Bye Bye [preauth]
May 31 11:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13143]: Disconnected from 210.79.142.221 port 47330 [preauth]
May 31 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11828]: pam_unix(cron:session): session closed for user root
May 31 11:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
May 31 11:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
May 31 11:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: Failed password for root from 103.27.238.116 port 38816 ssh2
May 31 11:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Failed password for root from 103.27.238.120 port 60348 ssh2
May 31 11:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: Connection closed by 103.27.238.116 port 38816 [preauth]
May 31 11:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Connection closed by 103.27.238.120 port 60348 [preauth]
May 31 11:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
May 31 11:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: Failed password for root from 202.133.90.219 port 46328 ssh2
May 31 11:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13226]: Failed password for root from 37.233.85.71 port 45046 ssh2
May 31 11:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: Connection closed by 202.133.90.219 port 46328 [preauth]
May 31 11:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13226]: Connection closed by 37.233.85.71 port 45046 [preauth]
May 31 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13257]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13259]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13255]: pam_unix(cron:session): session closed for user p13x
May 31 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13327]: Successful su for rubyman by root
May 31 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13327]: + ??? root:rubyman
May 31 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428992 of user rubyman.
May 31 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13327]: pam_unix(su:session): session closed for user rubyman
May 31 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428992.
May 31 11:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10480]: pam_unix(cron:session): session closed for user root
May 31 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13256]: pam_unix(cron:session): session closed for user samftp
May 31 11:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: Invalid user bitrix from 183.104.26.197
May 31 11:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: input_userauth_request: invalid user bitrix [preauth]
May 31 11:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.104.26.197
May 31 11:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: Failed password for invalid user bitrix from 183.104.26.197 port 42124 ssh2
May 31 11:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: Received disconnect from 183.104.26.197 port 42124:11: Bye Bye [preauth]
May 31 11:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: Disconnected from 183.104.26.197 port 42124 [preauth]
May 31 11:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: Invalid user gustavo from 138.124.73.129
May 31 11:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: input_userauth_request: invalid user gustavo [preauth]
May 31 11:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.73.129
May 31 11:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: Failed password for invalid user gustavo from 138.124.73.129 port 19360 ssh2
May 31 11:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: Received disconnect from 138.124.73.129 port 19360:11: Bye Bye [preauth]
May 31 11:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: Disconnected from 138.124.73.129 port 19360 [preauth]
May 31 11:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12381]: pam_unix(cron:session): session closed for user root
May 31 11:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: Invalid user user5 from 103.199.19.57
May 31 11:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: input_userauth_request: invalid user user5 [preauth]
May 31 11:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.199.19.57
May 31 11:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: Failed password for invalid user user5 from 103.199.19.57 port 55090 ssh2
May 31 11:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: Received disconnect from 103.199.19.57 port 55090:11: Bye Bye [preauth]
May 31 11:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: Disconnected from 103.199.19.57 port 55090 [preauth]
May 31 11:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13612]: Failed password for root from 202.133.90.219 port 44308 ssh2
May 31 11:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13612]: Connection closed by 202.133.90.219 port 44308 [preauth]
May 31 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13653]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13654]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13651]: pam_unix(cron:session): session closed for user p13x
May 31 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13713]: Successful su for rubyman by root
May 31 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13713]: + ??? root:rubyman
May 31 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 428997 of user rubyman.
May 31 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13713]: pam_unix(su:session): session closed for user rubyman
May 31 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 428997.
May 31 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10952]: pam_unix(cron:session): session closed for user root
May 31 11:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13652]: pam_unix(cron:session): session closed for user samftp
May 31 11:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
May 31 11:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13898]: Failed password for root from 176.32.39.21 port 45556 ssh2
May 31 11:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13898]: Connection closed by 176.32.39.21 port 45556 [preauth]
May 31 11:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session closed for user root
May 31 11:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221  user=root
May 31 11:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: Failed password for root from 210.79.142.221 port 34172 ssh2
May 31 11:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: Received disconnect from 210.79.142.221 port 34172:11: Bye Bye [preauth]
May 31 11:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: Disconnected from 210.79.142.221 port 34172 [preauth]
May 31 11:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: Invalid user guest2 from 138.124.73.129
May 31 11:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: input_userauth_request: invalid user guest2 [preauth]
May 31 11:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.73.129
May 31 11:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: Failed password for invalid user guest2 from 138.124.73.129 port 25296 ssh2
May 31 11:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: Received disconnect from 138.124.73.129 port 25296:11: Bye Bye [preauth]
May 31 11:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: Disconnected from 138.124.73.129 port 25296 [preauth]
May 31 11:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: Failed password for root from 202.133.90.219 port 40364 ssh2
May 31 11:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: Connection closed by 202.133.90.219 port 40364 [preauth]
May 31 11:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.104.26.197  user=root
May 31 11:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14056]: Failed password for root from 183.104.26.197 port 42232 ssh2
May 31 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14056]: Received disconnect from 183.104.26.197 port 42232:11: Bye Bye [preauth]
May 31 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14056]: Disconnected from 183.104.26.197 port 42232 [preauth]
May 31 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14061]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14062]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14059]: pam_unix(cron:session): session closed for user p13x
May 31 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14125]: Successful su for rubyman by root
May 31 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14125]: + ??? root:rubyman
May 31 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429000 of user rubyman.
May 31 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14125]: pam_unix(su:session): session closed for user rubyman
May 31 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429000.
May 31 11:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11370]: pam_unix(cron:session): session closed for user root
May 31 11:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14060]: pam_unix(cron:session): session closed for user samftp
May 31 11:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182  user=root
May 31 11:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14292]: Failed password for root from 80.94.92.182 port 60408 ssh2
May 31 11:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14292]: Connection closed by 80.94.92.182 port 60408 [preauth]
May 31 11:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.199.19.57  user=root
May 31 11:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14331]: Failed password for root from 103.199.19.57 port 59902 ssh2
May 31 11:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14331]: Received disconnect from 103.199.19.57 port 59902:11: Bye Bye [preauth]
May 31 11:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14331]: Disconnected from 103.199.19.57 port 59902 [preauth]
May 31 11:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13259]: pam_unix(cron:session): session closed for user root
May 31 11:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14419]: Failed password for root from 202.133.90.219 port 38750 ssh2
May 31 11:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14419]: Connection closed by 202.133.90.219 port 38750 [preauth]
May 31 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14450]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14449]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14447]: pam_unix(cron:session): session closed for user p13x
May 31 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14511]: Successful su for rubyman by root
May 31 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14511]: + ??? root:rubyman
May 31 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429005 of user rubyman.
May 31 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14511]: pam_unix(su:session): session closed for user rubyman
May 31 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429005.
May 31 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11827]: pam_unix(cron:session): session closed for user root
May 31 11:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14448]: pam_unix(cron:session): session closed for user samftp
May 31 11:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.73.129  user=root
May 31 11:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14810]: Failed password for root from 138.124.73.129 port 16128 ssh2
May 31 11:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14810]: Received disconnect from 138.124.73.129 port 16128:11: Bye Bye [preauth]
May 31 11:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14810]: Disconnected from 138.124.73.129 port 16128 [preauth]
May 31 11:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13654]: pam_unix(cron:session): session closed for user root
May 31 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: Invalid user username from 183.104.26.197
May 31 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: input_userauth_request: invalid user username [preauth]
May 31 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.104.26.197
May 31 11:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: Failed password for invalid user username from 183.104.26.197 port 50638 ssh2
May 31 11:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: Received disconnect from 183.104.26.197 port 50638:11: Bye Bye [preauth]
May 31 11:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: Disconnected from 183.104.26.197 port 50638 [preauth]
May 31 11:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
May 31 11:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14904]: Failed password for root from 87.251.79.125 port 45132 ssh2
May 31 11:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14904]: Connection closed by 87.251.79.125 port 45132 [preauth]
May 31 11:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.199.19.57  user=root
May 31 11:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14926]: Failed password for root from 103.199.19.57 port 38578 ssh2
May 31 11:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14926]: Received disconnect from 103.199.19.57 port 38578:11: Bye Bye [preauth]
May 31 11:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14926]: Disconnected from 103.199.19.57 port 38578 [preauth]
May 31 11:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14914]: Failed password for root from 202.133.90.219 port 46492 ssh2
May 31 11:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14914]: Connection closed by 202.133.90.219 port 46492 [preauth]
May 31 11:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14944]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14945]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14943]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14946]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14946]: pam_unix(cron:session): session closed for user root
May 31 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14940]: pam_unix(cron:session): session closed for user p13x
May 31 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15010]: Successful su for rubyman by root
May 31 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15010]: + ??? root:rubyman
May 31 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429009 of user rubyman.
May 31 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15010]: pam_unix(su:session): session closed for user rubyman
May 31 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429009.
May 31 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: Invalid user ftp_user from 210.79.142.221
May 31 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: input_userauth_request: invalid user ftp_user [preauth]
May 31 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221
May 31 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14943]: pam_unix(cron:session): session closed for user root
May 31 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12379]: pam_unix(cron:session): session closed for user root
May 31 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: Failed password for invalid user ftp_user from 210.79.142.221 port 39342 ssh2
May 31 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: Received disconnect from 210.79.142.221 port 39342:11: Bye Bye [preauth]
May 31 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: Disconnected from 210.79.142.221 port 39342 [preauth]
May 31 11:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14941]: pam_unix(cron:session): session closed for user samftp
May 31 11:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
May 31 11:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15239]: Failed password for root from 194.113.233.25 port 42558 ssh2
May 31 11:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15239]: Connection closed by 194.113.233.25 port 42558 [preauth]
May 31 11:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: Invalid user pad from 173.254.234.162
May 31 11:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: input_userauth_request: invalid user pad [preauth]
May 31 11:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 11:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: Failed password for invalid user pad from 173.254.234.162 port 34502 ssh2
May 31 11:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: Connection closed by 173.254.234.162 port 34502 [preauth]
May 31 11:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14062]: pam_unix(cron:session): session closed for user root
May 31 11:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15334]: Invalid user jane from 138.124.73.129
May 31 11:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15334]: input_userauth_request: invalid user jane [preauth]
May 31 11:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15334]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.73.129
May 31 11:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15334]: Failed password for invalid user jane from 138.124.73.129 port 10604 ssh2
May 31 11:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15334]: Received disconnect from 138.124.73.129 port 10604:11: Bye Bye [preauth]
May 31 11:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15334]: Disconnected from 138.124.73.129 port 10604 [preauth]
May 31 11:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 31 11:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:165.154.138.34
May 31 11:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: Connection closed by 194.59.206.2 port 58886 [preauth]
May 31 11:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: Failed password for root from 202.133.90.219 port 42082 ssh2
May 31 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15403]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15404]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15401]: pam_unix(cron:session): session closed for user p13x
May 31 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: Connection closed by 202.133.90.219 port 42082 [preauth]
May 31 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15472]: Successful su for rubyman by root
May 31 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15472]: + ??? root:rubyman
May 31 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429014 of user rubyman.
May 31 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15472]: pam_unix(su:session): session closed for user rubyman
May 31 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429014.
May 31 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12793]: pam_unix(cron:session): session closed for user root
May 31 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15402]: pam_unix(cron:session): session closed for user samftp
May 31 11:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: Invalid user robot from 183.104.26.197
May 31 11:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: input_userauth_request: invalid user robot [preauth]
May 31 11:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.104.26.197
May 31 11:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: Failed password for invalid user robot from 183.104.26.197 port 43686 ssh2
May 31 11:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: Received disconnect from 183.104.26.197 port 43686:11: Bye Bye [preauth]
May 31 11:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: Disconnected from 183.104.26.197 port 43686 [preauth]
May 31 11:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Invalid user tes from 103.199.19.57
May 31 11:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: input_userauth_request: invalid user tes [preauth]
May 31 11:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.199.19.57
May 31 11:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Failed password for invalid user tes from 103.199.19.57 port 38224 ssh2
May 31 11:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Received disconnect from 103.199.19.57 port 38224:11: Bye Bye [preauth]
May 31 11:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Disconnected from 103.199.19.57 port 38224 [preauth]
May 31 11:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14450]: pam_unix(cron:session): session closed for user root
May 31 11:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
May 31 11:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: Failed password for root from 103.82.20.28 port 46082 ssh2
May 31 11:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: Connection closed by 103.82.20.28 port 46082 [preauth]
May 31 11:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
May 31 11:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15756]: Failed password for root from 103.153.68.219 port 59450 ssh2
May 31 11:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15756]: Connection closed by 103.153.68.219 port 59450 [preauth]
May 31 11:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.73.129  user=root
May 31 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15811]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15810]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15808]: pam_unix(cron:session): session closed for user p13x
May 31 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15867]: Successful su for rubyman by root
May 31 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15867]: + ??? root:rubyman
May 31 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429019 of user rubyman.
May 31 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15867]: pam_unix(su:session): session closed for user rubyman
May 31 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429019.
May 31 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: Failed password for root from 138.124.73.129 port 64788 ssh2
May 31 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: Received disconnect from 138.124.73.129 port 64788:11: Bye Bye [preauth]
May 31 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: Disconnected from 138.124.73.129 port 64788 [preauth]
May 31 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13257]: pam_unix(cron:session): session closed for user root
May 31 11:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: Failed password for root from 202.133.90.219 port 53926 ssh2
May 31 11:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15809]: pam_unix(cron:session): session closed for user samftp
May 31 11:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: Connection closed by 202.133.90.219 port 53926 [preauth]
May 31 11:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16072]: Invalid user teste from 210.79.142.221
May 31 11:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16072]: input_userauth_request: invalid user teste [preauth]
May 31 11:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16072]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221
May 31 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16072]: Failed password for invalid user teste from 210.79.142.221 port 54934 ssh2
May 31 11:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182  user=root
May 31 11:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16072]: Received disconnect from 210.79.142.221 port 54934:11: Bye Bye [preauth]
May 31 11:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16072]: Disconnected from 210.79.142.221 port 54934 [preauth]
May 31 11:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: Failed password for root from 80.94.92.182 port 34890 ssh2
May 31 11:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: Connection closed by 80.94.92.182 port 34890 [preauth]
May 31 11:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14945]: pam_unix(cron:session): session closed for user root
May 31 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16180]: Invalid user xiaolin from 183.104.26.197
May 31 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16180]: input_userauth_request: invalid user xiaolin [preauth]
May 31 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16180]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.104.26.197
May 31 11:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16183]: Invalid user kamera from 103.199.19.57
May 31 11:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16183]: input_userauth_request: invalid user kamera [preauth]
May 31 11:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16183]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.199.19.57
May 31 11:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16180]: Failed password for invalid user xiaolin from 183.104.26.197 port 55162 ssh2
May 31 11:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16180]: Received disconnect from 183.104.26.197 port 55162:11: Bye Bye [preauth]
May 31 11:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16180]: Disconnected from 183.104.26.197 port 55162 [preauth]
May 31 11:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16183]: Failed password for invalid user kamera from 103.199.19.57 port 41112 ssh2
May 31 11:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16183]: Received disconnect from 103.199.19.57 port 41112:11: Bye Bye [preauth]
May 31 11:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16183]: Disconnected from 103.199.19.57 port 41112 [preauth]
May 31 11:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16202]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16199]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16200]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16198]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16198]: pam_unix(cron:session): session closed for user p13x
May 31 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16256]: Successful su for rubyman by root
May 31 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16256]: + ??? root:rubyman
May 31 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429022 of user rubyman.
May 31 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16256]: pam_unix(su:session): session closed for user rubyman
May 31 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429022.
May 31 11:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13653]: pam_unix(cron:session): session closed for user root
May 31 11:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: Failed password for root from 202.133.90.219 port 49456 ssh2
May 31 11:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16199]: pam_unix(cron:session): session closed for user samftp
May 31 11:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: Connection closed by 202.133.90.219 port 49456 [preauth]
May 31 11:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.73.129  user=root
May 31 11:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: Failed password for root from 138.124.73.129 port 16956 ssh2
May 31 11:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: Received disconnect from 138.124.73.129 port 16956:11: Bye Bye [preauth]
May 31 11:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: Disconnected from 138.124.73.129 port 16956 [preauth]
May 31 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15404]: pam_unix(cron:session): session closed for user root
May 31 11:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.63.178  user=root
May 31 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16594]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16593]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16591]: pam_unix(cron:session): session closed for user p13x
May 31 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16654]: Successful su for rubyman by root
May 31 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16654]: + ??? root:rubyman
May 31 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429027 of user rubyman.
May 31 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16654]: pam_unix(su:session): session closed for user rubyman
May 31 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429027.
May 31 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: Failed password for root from 62.133.63.178 port 43394 ssh2
May 31 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: Connection closed by 62.133.63.178 port 43394 [preauth]
May 31 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14061]: pam_unix(cron:session): session closed for user root
May 31 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.82.76.2  user=root
May 31 11:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16592]: pam_unix(cron:session): session closed for user samftp
May 31 11:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16752]: Failed password for root from 170.82.76.2 port 50381 ssh2
May 31 11:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16752]: Connection closed by 170.82.76.2 port 50381 [preauth]
May 31 11:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16754]: Failed password for root from 202.133.90.219 port 45822 ssh2
May 31 11:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16754]: Connection closed by 202.133.90.219 port 45822 [preauth]
May 31 11:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Invalid user ubuntu from 103.199.19.57
May 31 11:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: input_userauth_request: invalid user ubuntu [preauth]
May 31 11:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.199.19.57
May 31 11:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Failed password for invalid user ubuntu from 103.199.19.57 port 57942 ssh2
May 31 11:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Received disconnect from 103.199.19.57 port 57942:11: Bye Bye [preauth]
May 31 11:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Disconnected from 103.199.19.57 port 57942 [preauth]
May 31 11:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15811]: pam_unix(cron:session): session closed for user root
May 31 11:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.104.26.197  user=root
May 31 11:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16910]: Failed password for root from 183.104.26.197 port 60194 ssh2
May 31 11:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16910]: Received disconnect from 183.104.26.197 port 60194:11: Bye Bye [preauth]
May 31 11:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16910]: Disconnected from 183.104.26.197 port 60194 [preauth]
May 31 11:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: Invalid user nathaniel from 210.79.142.221
May 31 11:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: input_userauth_request: invalid user nathaniel [preauth]
May 31 11:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221
May 31 11:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
May 31 11:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.73.129  user=root
May 31 11:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: Failed password for invalid user nathaniel from 210.79.142.221 port 50264 ssh2
May 31 11:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16953]: Failed password for root from 185.156.73.233 port 56488 ssh2
May 31 11:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: Received disconnect from 210.79.142.221 port 50264:11: Bye Bye [preauth]
May 31 11:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: Disconnected from 210.79.142.221 port 50264 [preauth]
May 31 11:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16953]: Connection closed by 185.156.73.233 port 56488 [preauth]
May 31 11:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: Failed password for root from 138.124.73.129 port 48608 ssh2
May 31 11:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: Received disconnect from 138.124.73.129 port 48608:11: Bye Bye [preauth]
May 31 11:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: Disconnected from 138.124.73.129 port 48608 [preauth]
May 31 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16991]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16989]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16990]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16987]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16986]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16988]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16991]: pam_unix(cron:session): session closed for user root
May 31 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16986]: pam_unix(cron:session): session closed for user p13x
May 31 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17056]: Successful su for rubyman by root
May 31 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17056]: + ??? root:rubyman
May 31 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429031 of user rubyman.
May 31 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17056]: pam_unix(su:session): session closed for user rubyman
May 31 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429031.
May 31 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16988]: pam_unix(cron:session): session closed for user root
May 31 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14449]: pam_unix(cron:session): session closed for user root
May 31 11:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16987]: pam_unix(cron:session): session closed for user samftp
May 31 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17257]: Failed password for root from 202.133.90.219 port 37880 ssh2
May 31 11:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17257]: Connection closed by 202.133.90.219 port 37880 [preauth]
May 31 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16202]: pam_unix(cron:session): session closed for user root
May 31 11:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.172.54.111  user=root
May 31 11:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: Failed password for root from 109.172.54.111 port 47036 ssh2
May 31 11:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: Connection closed by 109.172.54.111 port 47036 [preauth]
May 31 11:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.199.19.57  user=root
May 31 11:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
May 31 11:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17405]: Failed password for root from 103.199.19.57 port 47682 ssh2
May 31 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17405]: Received disconnect from 103.199.19.57 port 47682:11: Bye Bye [preauth]
May 31 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17405]: Disconnected from 103.199.19.57 port 47682 [preauth]
May 31 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17415]: Failed password for root from 80.66.85.226 port 38544 ssh2
May 31 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17415]: Connection closed by 80.66.85.226 port 38544 [preauth]
May 31 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17420]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17421]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17418]: pam_unix(cron:session): session closed for user p13x
May 31 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17494]: Successful su for rubyman by root
May 31 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17494]: + ??? root:rubyman
May 31 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17494]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429037 of user rubyman.
May 31 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17494]: pam_unix(su:session): session closed for user rubyman
May 31 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429037.
May 31 11:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14944]: pam_unix(cron:session): session closed for user root
May 31 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17419]: pam_unix(cron:session): session closed for user samftp
May 31 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17752]: Failed password for root from 202.133.90.219 port 37460 ssh2
May 31 11:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17752]: Connection closed by 202.133.90.219 port 37460 [preauth]
May 31 11:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Invalid user dev from 168.220.237.171
May 31 11:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: input_userauth_request: invalid user dev [preauth]
May 31 11:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.220.237.171
May 31 11:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.73.129  user=root
May 31 11:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Failed password for invalid user dev from 168.220.237.171 port 50620 ssh2
May 31 11:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: Failed password for root from 138.124.73.129 port 59868 ssh2
May 31 11:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: Received disconnect from 138.124.73.129 port 59868:11: Bye Bye [preauth]
May 31 11:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: Disconnected from 138.124.73.129 port 59868 [preauth]
May 31 11:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Connection closed by 168.220.237.171 port 50620 [preauth]
May 31 11:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17793]: Invalid user fengyun from 183.104.26.197
May 31 11:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17793]: input_userauth_request: invalid user fengyun [preauth]
May 31 11:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17793]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.104.26.197
May 31 11:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17793]: Failed password for invalid user fengyun from 183.104.26.197 port 50640 ssh2
May 31 11:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17793]: Received disconnect from 183.104.26.197 port 50640:11: Bye Bye [preauth]
May 31 11:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17793]: Disconnected from 183.104.26.197 port 50640 [preauth]
May 31 11:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: Invalid user admin from 45.148.10.121
May 31 11:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: input_userauth_request: invalid user admin [preauth]
May 31 11:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
May 31 11:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: Failed password for invalid user admin from 45.148.10.121 port 54582 ssh2
May 31 11:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: Connection closed by 45.148.10.121 port 54582 [preauth]
May 31 11:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16594]: pam_unix(cron:session): session closed for user root
May 31 11:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17839]: Invalid user solana from 80.94.92.182
May 31 11:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17839]: input_userauth_request: invalid user solana [preauth]
May 31 11:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17839]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 11:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17839]: Failed password for invalid user solana from 80.94.92.182 port 37590 ssh2
May 31 11:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17839]: Connection closed by 80.94.92.182 port 37590 [preauth]
May 31 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17928]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17927]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17925]: pam_unix(cron:session): session closed for user p13x
May 31 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17982]: Successful su for rubyman by root
May 31 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17982]: + ??? root:rubyman
May 31 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429040 of user rubyman.
May 31 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17982]: pam_unix(su:session): session closed for user rubyman
May 31 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429040.
May 31 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15403]: pam_unix(cron:session): session closed for user root
May 31 11:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17926]: pam_unix(cron:session): session closed for user samftp
May 31 11:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221  user=root
May 31 11:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18178]: Failed password for root from 210.79.142.221 port 47936 ssh2
May 31 11:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18178]: Received disconnect from 210.79.142.221 port 47936:11: Bye Bye [preauth]
May 31 11:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18178]: Disconnected from 210.79.142.221 port 47936 [preauth]
May 31 11:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18189]: Failed password for root from 202.133.90.219 port 42840 ssh2
May 31 11:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18189]: Connection closed by 202.133.90.219 port 42840 [preauth]
May 31 11:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.199.19.57  user=root
May 31 11:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16990]: pam_unix(cron:session): session closed for user root
May 31 11:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: Failed password for root from 103.199.19.57 port 34206 ssh2
May 31 11:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: Received disconnect from 103.199.19.57 port 34206:11: Bye Bye [preauth]
May 31 11:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: Disconnected from 103.199.19.57 port 34206 [preauth]
May 31 11:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: Invalid user andong from 138.124.73.129
May 31 11:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: input_userauth_request: invalid user andong [preauth]
May 31 11:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.73.129
May 31 11:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: Failed password for invalid user andong from 138.124.73.129 port 58190 ssh2
May 31 11:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: Received disconnect from 138.124.73.129 port 58190:11: Bye Bye [preauth]
May 31 11:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: Disconnected from 138.124.73.129 port 58190 [preauth]
May 31 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18345]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18343]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18344]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18342]: pam_unix(cron:session): session closed for user p13x
May 31 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18484]: Successful su for rubyman by root
May 31 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18484]: + ??? root:rubyman
May 31 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18484]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429044 of user rubyman.
May 31 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18484]: pam_unix(su:session): session closed for user rubyman
May 31 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429044.
May 31 11:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15810]: pam_unix(cron:session): session closed for user root
May 31 11:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.104.26.197  user=root
May 31 11:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18343]: pam_unix(cron:session): session closed for user samftp
May 31 11:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: Failed password for root from 183.104.26.197 port 33058 ssh2
May 31 11:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: Received disconnect from 183.104.26.197 port 33058:11: Bye Bye [preauth]
May 31 11:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: Disconnected from 183.104.26.197 port 33058 [preauth]
May 31 11:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18687]: Failed password for root from 202.133.90.219 port 49690 ssh2
May 31 11:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18687]: Connection closed by 202.133.90.219 port 49690 [preauth]
May 31 11:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17421]: pam_unix(cron:session): session closed for user root
May 31 11:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
May 31 11:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: Failed password for root from 62.133.62.83 port 59044 ssh2
May 31 11:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: Connection closed by 62.133.62.83 port 59044 [preauth]
May 31 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18866]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18865]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18863]: pam_unix(cron:session): session closed for user p13x
May 31 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18980]: Successful su for rubyman by root
May 31 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18980]: + ??? root:rubyman
May 31 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429047 of user rubyman.
May 31 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18980]: pam_unix(su:session): session closed for user rubyman
May 31 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429047.
May 31 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session closed for user root
May 31 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19016]: Invalid user ftp_user from 103.199.19.57
May 31 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19016]: input_userauth_request: invalid user ftp_user [preauth]
May 31 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19016]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.199.19.57
May 31 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16200]: pam_unix(cron:session): session closed for user root
May 31 11:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19016]: Failed password for invalid user ftp_user from 103.199.19.57 port 41868 ssh2
May 31 11:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18864]: pam_unix(cron:session): session closed for user samftp
May 31 11:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19016]: Received disconnect from 103.199.19.57 port 41868:11: Bye Bye [preauth]
May 31 11:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19016]: Disconnected from 103.199.19.57 port 41868 [preauth]
May 31 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19268]: Invalid user bit from 138.124.73.129
May 31 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19268]: input_userauth_request: invalid user bit [preauth]
May 31 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19268]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.73.129
May 31 11:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19268]: Failed password for invalid user bit from 138.124.73.129 port 24826 ssh2
May 31 11:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19268]: Received disconnect from 138.124.73.129 port 24826:11: Bye Bye [preauth]
May 31 11:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19268]: Disconnected from 138.124.73.129 port 24826 [preauth]
May 31 11:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19313]: Failed password for root from 202.133.90.219 port 38872 ssh2
May 31 11:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19313]: Connection closed by 202.133.90.219 port 38872 [preauth]
May 31 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17928]: pam_unix(cron:session): session closed for user root
May 31 11:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: Invalid user hl from 183.104.26.197
May 31 11:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: input_userauth_request: invalid user hl [preauth]
May 31 11:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.104.26.197
May 31 11:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: Failed password for invalid user hl from 183.104.26.197 port 52896 ssh2
May 31 11:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: Received disconnect from 183.104.26.197 port 52896:11: Bye Bye [preauth]
May 31 11:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: Disconnected from 183.104.26.197 port 52896 [preauth]
May 31 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19450]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19449]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19452]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19448]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19452]: pam_unix(cron:session): session closed for user root
May 31 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19446]: pam_unix(cron:session): session closed for user p13x
May 31 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19710]: Successful su for rubyman by root
May 31 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19710]: + ??? root:rubyman
May 31 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429052 of user rubyman.
May 31 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19710]: pam_unix(su:session): session closed for user rubyman
May 31 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429052.
May 31 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16593]: pam_unix(cron:session): session closed for user root
May 31 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19448]: pam_unix(cron:session): session closed for user root
May 31 11:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19447]: pam_unix(cron:session): session closed for user samftp
May 31 11:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19975]: Failed password for root from 202.133.90.219 port 36094 ssh2
May 31 11:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19975]: Connection closed by 202.133.90.219 port 36094 [preauth]
May 31 11:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: Invalid user elizabeth from 138.124.73.129
May 31 11:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: input_userauth_request: invalid user elizabeth [preauth]
May 31 11:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.73.129
May 31 11:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: Failed password for invalid user elizabeth from 138.124.73.129 port 16874 ssh2
May 31 11:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18345]: pam_unix(cron:session): session closed for user root
May 31 11:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: Received disconnect from 138.124.73.129 port 16874:11: Bye Bye [preauth]
May 31 11:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: Disconnected from 138.124.73.129 port 16874 [preauth]
May 31 11:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.199.19.57  user=root
May 31 11:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20029]: Invalid user solana from 80.94.92.182
May 31 11:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20029]: input_userauth_request: invalid user solana [preauth]
May 31 11:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20029]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 11:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20030]: Failed password for root from 103.199.19.57 port 44266 ssh2
May 31 11:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20030]: Received disconnect from 103.199.19.57 port 44266:11: Bye Bye [preauth]
May 31 11:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20030]: Disconnected from 103.199.19.57 port 44266 [preauth]
May 31 11:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20029]: Failed password for invalid user solana from 80.94.92.182 port 40296 ssh2
May 31 11:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20029]: Connection closed by 80.94.92.182 port 40296 [preauth]
May 31 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20088]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20089]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20086]: pam_unix(cron:session): session closed for user p13x
May 31 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20253]: Successful su for rubyman by root
May 31 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20253]: + ??? root:rubyman
May 31 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429061 of user rubyman.
May 31 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20253]: pam_unix(su:session): session closed for user rubyman
May 31 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429061.
May 31 11:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16989]: pam_unix(cron:session): session closed for user root
May 31 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20087]: pam_unix(cron:session): session closed for user samftp
May 31 11:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.104.26.197  user=root
May 31 11:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: Failed password for root from 183.104.26.197 port 58460 ssh2
May 31 11:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: Received disconnect from 183.104.26.197 port 58460:11: Bye Bye [preauth]
May 31 11:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: Disconnected from 183.104.26.197 port 58460 [preauth]
May 31 11:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18866]: pam_unix(cron:session): session closed for user root
May 31 11:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: Failed password for root from 202.133.90.219 port 59244 ssh2
May 31 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: Connection closed by 202.133.90.219 port 59244 [preauth]
May 31 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20605]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20609]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20602]: pam_unix(cron:session): session closed for user p13x
May 31 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20710]: Successful su for rubyman by root
May 31 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20710]: + ??? root:rubyman
May 31 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429063 of user rubyman.
May 31 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20710]: pam_unix(su:session): session closed for user rubyman
May 31 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429063.
May 31 11:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17420]: pam_unix(cron:session): session closed for user root
May 31 11:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20603]: pam_unix(cron:session): session closed for user samftp
May 31 11:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: Invalid user swapna from 103.199.19.57
May 31 11:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: input_userauth_request: invalid user swapna [preauth]
May 31 11:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.199.19.57
May 31 11:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
May 31 11:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: Failed password for invalid user swapna from 103.199.19.57 port 39336 ssh2
May 31 11:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: Received disconnect from 103.199.19.57 port 39336:11: Bye Bye [preauth]
May 31 11:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: Disconnected from 103.199.19.57 port 39336 [preauth]
May 31 11:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: Failed password for root from 103.77.175.15 port 58130 ssh2
May 31 11:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: Connection closed by 103.77.175.15 port 58130 [preauth]
May 31 11:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19450]: pam_unix(cron:session): session closed for user root
May 31 11:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Failed password for root from 202.133.90.219 port 51672 ssh2
May 31 11:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Connection closed by 202.133.90.219 port 51672 [preauth]
May 31 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21099]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21098]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21100]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21097]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21097]: pam_unix(cron:session): session closed for user p13x
May 31 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21165]: Successful su for rubyman by root
May 31 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21165]: + ??? root:rubyman
May 31 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429066 of user rubyman.
May 31 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21165]: pam_unix(su:session): session closed for user rubyman
May 31 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429066.
May 31 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17927]: pam_unix(cron:session): session closed for user root
May 31 11:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21098]: pam_unix(cron:session): session closed for user samftp
May 31 11:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.104.26.197  user=root
May 31 11:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21364]: Failed password for root from 183.104.26.197 port 56978 ssh2
May 31 11:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21364]: Received disconnect from 183.104.26.197 port 56978:11: Bye Bye [preauth]
May 31 11:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21364]: Disconnected from 183.104.26.197 port 56978 [preauth]
May 31 11:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20089]: pam_unix(cron:session): session closed for user root
May 31 11:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: Failed password for root from 202.133.90.219 port 55830 ssh2
May 31 11:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: Connection closed by 202.133.90.219 port 55830 [preauth]
May 31 11:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21466]: Invalid user pre from 103.199.19.57
May 31 11:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21466]: input_userauth_request: invalid user pre [preauth]
May 31 11:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21466]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.199.19.57
May 31 11:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21466]: Failed password for invalid user pre from 103.199.19.57 port 55214 ssh2
May 31 11:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21466]: Received disconnect from 103.199.19.57 port 55214:11: Bye Bye [preauth]
May 31 11:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21466]: Disconnected from 103.199.19.57 port 55214 [preauth]
May 31 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21520]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21519]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21517]: pam_unix(cron:session): session closed for user p13x
May 31 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21585]: Successful su for rubyman by root
May 31 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21585]: + ??? root:rubyman
May 31 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429071 of user rubyman.
May 31 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21585]: pam_unix(su:session): session closed for user rubyman
May 31 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429071.
May 31 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18344]: pam_unix(cron:session): session closed for user root
May 31 11:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21518]: pam_unix(cron:session): session closed for user samftp
May 31 11:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: Invalid user solana from 80.94.92.182
May 31 11:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: input_userauth_request: invalid user solana [preauth]
May 31 11:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 11:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: Failed password for invalid user solana from 80.94.92.182 port 43004 ssh2
May 31 11:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: Connection closed by 80.94.92.182 port 43004 [preauth]
May 31 11:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20609]: pam_unix(cron:session): session closed for user root
May 31 11:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21881]: Failed password for root from 202.133.90.219 port 37856 ssh2
May 31 11:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21881]: Connection closed by 202.133.90.219 port 37856 [preauth]
May 31 11:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.104.26.197  user=root
May 31 11:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Failed password for root from 183.104.26.197 port 44920 ssh2
May 31 11:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Received disconnect from 183.104.26.197 port 44920:11: Bye Bye [preauth]
May 31 11:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Disconnected from 183.104.26.197 port 44920 [preauth]
May 31 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21938]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21937]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21940]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21941]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21936]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21939]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21941]: pam_unix(cron:session): session closed for user root
May 31 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21936]: pam_unix(cron:session): session closed for user p13x
May 31 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22001]: Successful su for rubyman by root
May 31 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22001]: + ??? root:rubyman
May 31 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22001]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429077 of user rubyman.
May 31 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22001]: pam_unix(su:session): session closed for user rubyman
May 31 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429077.
May 31 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21938]: pam_unix(cron:session): session closed for user root
May 31 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18865]: pam_unix(cron:session): session closed for user root
May 31 11:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21937]: pam_unix(cron:session): session closed for user samftp
May 31 11:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
May 31 11:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: Failed password for root from 77.94.47.83 port 54410 ssh2
May 31 11:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: Connection closed by 77.94.47.83 port 54410 [preauth]
May 31 11:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21100]: pam_unix(cron:session): session closed for user root
May 31 11:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22334]: Failed password for root from 202.133.90.219 port 56480 ssh2
May 31 11:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22334]: Connection closed by 202.133.90.219 port 56480 [preauth]
May 31 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22366]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22365]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22364]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22363]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22363]: pam_unix(cron:session): session closed for user p13x
May 31 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22433]: Successful su for rubyman by root
May 31 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22433]: + ??? root:rubyman
May 31 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429080 of user rubyman.
May 31 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22433]: pam_unix(su:session): session closed for user rubyman
May 31 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429080.
May 31 11:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19449]: pam_unix(cron:session): session closed for user root
May 31 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22364]: pam_unix(cron:session): session closed for user samftp
May 31 11:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: User uucp from 185.156.73.233 not allowed because not listed in AllowUsers
May 31 11:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: input_userauth_request: invalid user uucp [preauth]
May 31 11:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=uucp
May 31 11:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: Failed password for invalid user uucp from 185.156.73.233 port 36272 ssh2
May 31 11:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: Connection closed by 185.156.73.233 port 36272 [preauth]
May 31 11:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21520]: pam_unix(cron:session): session closed for user root
May 31 11:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Failed password for root from 202.133.90.219 port 49076 ssh2
May 31 11:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Connection closed by 202.133.90.219 port 49076 [preauth]
May 31 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22760]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22761]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22758]: pam_unix(cron:session): session closed for user p13x
May 31 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22823]: Successful su for rubyman by root
May 31 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22823]: + ??? root:rubyman
May 31 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429084 of user rubyman.
May 31 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22823]: pam_unix(su:session): session closed for user rubyman
May 31 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429084.
May 31 11:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20088]: pam_unix(cron:session): session closed for user root
May 31 11:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22759]: pam_unix(cron:session): session closed for user samftp
May 31 11:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21940]: pam_unix(cron:session): session closed for user root
May 31 11:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
May 31 11:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: Failed password for root from 103.176.20.57 port 33780 ssh2
May 31 11:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: Connection closed by 103.176.20.57 port 33780 [preauth]
May 31 11:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23131]: Failed password for root from 202.133.90.219 port 45444 ssh2
May 31 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23144]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23145]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23143]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23142]: pam_unix(cron:session): session closed for user p13x
May 31 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23202]: Successful su for rubyman by root
May 31 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23202]: + ??? root:rubyman
May 31 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429088 of user rubyman.
May 31 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23202]: pam_unix(su:session): session closed for user rubyman
May 31 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429088.
May 31 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23131]: Connection closed by 202.133.90.219 port 45444 [preauth]
May 31 11:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20605]: pam_unix(cron:session): session closed for user root
May 31 11:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23143]: pam_unix(cron:session): session closed for user samftp
May 31 11:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: Invalid user sol from 80.94.92.182
May 31 11:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: input_userauth_request: invalid user sol [preauth]
May 31 11:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 11:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: Failed password for invalid user sol from 80.94.92.182 port 45752 ssh2
May 31 11:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: Connection closed by 80.94.92.182 port 45752 [preauth]
May 31 11:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22366]: pam_unix(cron:session): session closed for user root
May 31 11:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: Failed password for root from 202.133.90.219 port 55824 ssh2
May 31 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: Connection closed by 202.133.90.219 port 55824 [preauth]
May 31 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23565]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23564]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23562]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23562]: pam_unix(cron:session): session closed for user p13x
May 31 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23619]: Successful su for rubyman by root
May 31 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23619]: + ??? root:rubyman
May 31 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429093 of user rubyman.
May 31 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23619]: pam_unix(su:session): session closed for user rubyman
May 31 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429093.
May 31 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21099]: pam_unix(cron:session): session closed for user root
May 31 11:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23563]: pam_unix(cron:session): session closed for user samftp
May 31 11:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
May 31 11:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: Failed password for root from 103.122.221.179 port 38990 ssh2
May 31 11:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: Connection closed by 103.122.221.179 port 38990 [preauth]
May 31 11:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22761]: pam_unix(cron:session): session closed for user root
May 31 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24068]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24070]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24069]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24067]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24070]: pam_unix(cron:session): session closed for user root
May 31 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24065]: pam_unix(cron:session): session closed for user p13x
May 31 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24137]: Successful su for rubyman by root
May 31 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24137]: + ??? root:rubyman
May 31 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24137]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429097 of user rubyman.
May 31 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24137]: pam_unix(su:session): session closed for user rubyman
May 31 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429097.
May 31 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24067]: pam_unix(cron:session): session closed for user root
May 31 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21519]: pam_unix(cron:session): session closed for user root
May 31 11:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24066]: pam_unix(cron:session): session closed for user samftp
May 31 11:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: Failed password for root from 202.133.90.219 port 45998 ssh2
May 31 11:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: Connection closed by 202.133.90.219 port 45998 [preauth]
May 31 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23145]: pam_unix(cron:session): session closed for user root
May 31 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24522]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24523]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24520]: pam_unix(cron:session): session closed for user p13x
May 31 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24590]: Successful su for rubyman by root
May 31 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24590]: + ??? root:rubyman
May 31 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429104 of user rubyman.
May 31 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24590]: pam_unix(su:session): session closed for user rubyman
May 31 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429104.
May 31 11:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21939]: pam_unix(cron:session): session closed for user root
May 31 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24521]: pam_unix(cron:session): session closed for user samftp
May 31 11:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24807]: Failed password for root from 202.133.90.219 port 46086 ssh2
May 31 11:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24807]: Connection closed by 202.133.90.219 port 46086 [preauth]
May 31 11:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23565]: pam_unix(cron:session): session closed for user root
May 31 11:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24929]: Invalid user sol from 80.94.92.182
May 31 11:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24929]: input_userauth_request: invalid user sol [preauth]
May 31 11:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24929]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 11:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24929]: Failed password for invalid user sol from 80.94.92.182 port 48434 ssh2
May 31 11:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24929]: Connection closed by 80.94.92.182 port 48434 [preauth]
May 31 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24951]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24950]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24948]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24948]: pam_unix(cron:session): session closed for user p13x
May 31 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25012]: Successful su for rubyman by root
May 31 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25012]: + ??? root:rubyman
May 31 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429106 of user rubyman.
May 31 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25012]: pam_unix(su:session): session closed for user rubyman
May 31 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429106.
May 31 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22365]: pam_unix(cron:session): session closed for user root
May 31 11:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24949]: pam_unix(cron:session): session closed for user samftp
May 31 11:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
May 31 11:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: Failed password for root from 193.37.70.224 port 50798 ssh2
May 31 11:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: Connection closed by 193.37.70.224 port 50798 [preauth]
May 31 11:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25229]: Failed password for root from 202.133.90.219 port 42322 ssh2
May 31 11:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25229]: Connection closed by 202.133.90.219 port 42322 [preauth]
May 31 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24069]: pam_unix(cron:session): session closed for user root
May 31 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25351]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25350]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25348]: pam_unix(cron:session): session closed for user p13x
May 31 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25408]: Successful su for rubyman by root
May 31 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25408]: + ??? root:rubyman
May 31 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429110 of user rubyman.
May 31 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25408]: pam_unix(su:session): session closed for user rubyman
May 31 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429110.
May 31 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22760]: pam_unix(cron:session): session closed for user root
May 31 11:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25349]: pam_unix(cron:session): session closed for user samftp
May 31 11:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 11:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25622]: Failed password for root from 202.133.90.219 port 57254 ssh2
May 31 11:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25622]: Connection closed by 202.133.90.219 port 57254 [preauth]
May 31 11:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24523]: pam_unix(cron:session): session closed for user root
May 31 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25748]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25747]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25745]: pam_unix(cron:session): session closed for user p13x
May 31 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25807]: Successful su for rubyman by root
May 31 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25807]: + ??? root:rubyman
May 31 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429116 of user rubyman.
May 31 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25807]: pam_unix(su:session): session closed for user rubyman
May 31 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429116.
May 31 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23144]: pam_unix(cron:session): session closed for user root
May 31 11:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25746]: pam_unix(cron:session): session closed for user samftp
May 31 11:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Invalid user ritsuna from 202.133.90.219
May 31 11:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: input_userauth_request: invalid user ritsuna [preauth]
May 31 11:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 11:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Failed password for invalid user ritsuna from 202.133.90.219 port 47246 ssh2
May 31 11:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Connection closed by 202.133.90.219 port 47246 [preauth]
May 31 11:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24951]: pam_unix(cron:session): session closed for user root
May 31 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26137]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26135]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26136]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26134]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26137]: pam_unix(cron:session): session closed for user root
May 31 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26132]: pam_unix(cron:session): session closed for user p13x
May 31 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26205]: Successful su for rubyman by root
May 31 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26205]: + ??? root:rubyman
May 31 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429118 of user rubyman.
May 31 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26205]: pam_unix(su:session): session closed for user rubyman
May 31 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429118.
May 31 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26134]: pam_unix(cron:session): session closed for user root
May 31 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23564]: pam_unix(cron:session): session closed for user root
May 31 11:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26133]: pam_unix(cron:session): session closed for user samftp
May 31 11:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.170.125  user=root
May 31 11:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26410]: Failed password for root from 103.149.170.125 port 52812 ssh2
May 31 11:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26410]: Connection closed by 103.149.170.125 port 52812 [preauth]
May 31 11:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182  user=root
May 31 11:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26450]: Failed password for root from 80.94.92.182 port 51122 ssh2
May 31 11:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26450]: Connection closed by 80.94.92.182 port 51122 [preauth]
May 31 11:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26472]: Invalid user redis from 202.133.90.219
May 31 11:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26472]: input_userauth_request: invalid user redis [preauth]
May 31 11:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26472]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25351]: pam_unix(cron:session): session closed for user root
May 31 11:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26472]: Failed password for invalid user redis from 202.133.90.219 port 55482 ssh2
May 31 11:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26472]: Connection closed by 202.133.90.219 port 55482 [preauth]
May 31 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26563]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26562]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26560]: pam_unix(cron:session): session closed for user p13x
May 31 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26631]: Successful su for rubyman by root
May 31 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26631]: + ??? root:rubyman
May 31 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429124 of user rubyman.
May 31 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26631]: pam_unix(su:session): session closed for user rubyman
May 31 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429124.
May 31 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24068]: pam_unix(cron:session): session closed for user root
May 31 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26561]: pam_unix(cron:session): session closed for user samftp
May 31 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25748]: pam_unix(cron:session): session closed for user root
May 31 11:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: Invalid user postgres from 202.133.90.219
May 31 11:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: input_userauth_request: invalid user postgres [preauth]
May 31 11:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 11:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: Failed password for invalid user postgres from 202.133.90.219 port 43320 ssh2
May 31 11:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: Connection closed by 202.133.90.219 port 43320 [preauth]
May 31 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27055]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27056]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27053]: pam_unix(cron:session): session closed for user p13x
May 31 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27115]: Successful su for rubyman by root
May 31 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27115]: + ??? root:rubyman
May 31 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429128 of user rubyman.
May 31 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27115]: pam_unix(su:session): session closed for user rubyman
May 31 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429128.
May 31 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24522]: pam_unix(cron:session): session closed for user root
May 31 11:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27054]: pam_unix(cron:session): session closed for user samftp
May 31 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26136]: pam_unix(cron:session): session closed for user root
May 31 11:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: Invalid user orangepi from 202.133.90.219
May 31 11:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: input_userauth_request: invalid user orangepi [preauth]
May 31 11:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 11:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: Failed password for invalid user orangepi from 202.133.90.219 port 46632 ssh2
May 31 11:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: Connection closed by 202.133.90.219 port 46632 [preauth]
May 31 11:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: Invalid user admin from 185.156.73.233
May 31 11:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: input_userauth_request: invalid user admin [preauth]
May 31 11:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 11:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: Failed password for invalid user admin from 185.156.73.233 port 20360 ssh2
May 31 11:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: Connection closed by 185.156.73.233 port 20360 [preauth]
May 31 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27474]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27473]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27471]: pam_unix(cron:session): session closed for user p13x
May 31 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27539]: Successful su for rubyman by root
May 31 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27539]: + ??? root:rubyman
May 31 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27539]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429132 of user rubyman.
May 31 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27539]: pam_unix(su:session): session closed for user rubyman
May 31 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429132.
May 31 11:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24950]: pam_unix(cron:session): session closed for user root
May 31 11:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27472]: pam_unix(cron:session): session closed for user samftp
May 31 11:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26563]: pam_unix(cron:session): session closed for user root
May 31 11:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27795]: Invalid user oracle from 202.133.90.219
May 31 11:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27795]: input_userauth_request: invalid user oracle [preauth]
May 31 11:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27795]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 11:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27795]: Failed password for invalid user oracle from 202.133.90.219 port 37938 ssh2
May 31 11:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27795]: Connection closed by 202.133.90.219 port 37938 [preauth]
May 31 11:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: Invalid user solana from 80.94.92.182
May 31 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: input_userauth_request: invalid user solana [preauth]
May 31 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 11:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: Failed password for invalid user solana from 80.94.92.182 port 53834 ssh2
May 31 11:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: Connection closed by 80.94.92.182 port 53834 [preauth]
May 31 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27892]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27893]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27890]: pam_unix(cron:session): session closed for user p13x
May 31 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27954]: Successful su for rubyman by root
May 31 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27954]: + ??? root:rubyman
May 31 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27954]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429136 of user rubyman.
May 31 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27954]: pam_unix(su:session): session closed for user rubyman
May 31 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429136.
May 31 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25350]: pam_unix(cron:session): session closed for user root
May 31 11:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27891]: pam_unix(cron:session): session closed for user samftp
May 31 11:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28248]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 11:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28248]: Received disconnect from 89.42.231.160 port 25834:11: disconnected by user [preauth]
May 31 11:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28248]: Disconnected from 89.42.231.160 port 25834 [preauth]
May 31 11:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 11:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: Received disconnect from 31.42.176.142 port 19354:11: disconnected by user [preauth]
May 31 11:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: Disconnected from 31.42.176.142 port 19354 [preauth]
May 31 11:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 11:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: Received disconnect from 185.89.249.3 port 42550:11: disconnected by user [preauth]
May 31 11:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: Disconnected from 185.89.249.3 port 42550 [preauth]
May 31 11:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27056]: pam_unix(cron:session): session closed for user root
May 31 11:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 11:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28296]: Invalid user openhabian from 202.133.90.219
May 31 11:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28296]: input_userauth_request: invalid user openhabian [preauth]
May 31 11:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28296]: pam_unix(sshd:auth): check pass; user unknown
May 31 11:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 11:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28296]: Failed password for invalid user openhabian from 202.133.90.219 port 59194 ssh2
May 31 11:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28296]: Connection closed by 202.133.90.219 port 59194 [preauth]
May 31 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28350]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28349]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28351]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28348]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28352]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28352]: pam_unix(cron:session): session closed for user root
May 31 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28348]: pam_unix(cron:session): session closed for user root
May 31 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28346]: pam_unix(cron:session): session closed for user p13x
May 31 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28432]: Successful su for rubyman by root
May 31 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28432]: + ??? root:rubyman
May 31 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429142 of user rubyman.
May 31 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28432]: pam_unix(su:session): session closed for user rubyman
May 31 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429142.
May 31 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28349]: pam_unix(cron:session): session closed for user root
May 31 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25747]: pam_unix(cron:session): session closed for user root
May 31 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28347]: pam_unix(cron:session): session closed for user samftp
May 31 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27474]: pam_unix(cron:session): session closed for user root
May 31 12:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Invalid user nvidia from 202.133.90.219
May 31 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: input_userauth_request: invalid user nvidia [preauth]
May 31 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Failed password for invalid user nvidia from 202.133.90.219 port 52756 ssh2
May 31 12:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Connection closed by 202.133.90.219 port 52756 [preauth]
May 31 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28937]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28936]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28935]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28934]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28934]: pam_unix(cron:session): session closed for user p13x
May 31 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29000]: Successful su for rubyman by root
May 31 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29000]: + ??? root:rubyman
May 31 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429147 of user rubyman.
May 31 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29000]: pam_unix(su:session): session closed for user rubyman
May 31 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429147.
May 31 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26135]: pam_unix(cron:session): session closed for user root
May 31 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28935]: pam_unix(cron:session): session closed for user samftp
May 31 12:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 12:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29270]: Failed password for root from 38.93.206.2 port 35804 ssh2
May 31 12:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29270]: Connection closed by 38.93.206.2 port 35804 [preauth]
May 31 12:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27893]: pam_unix(cron:session): session closed for user root
May 31 12:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: User news from 202.133.90.219 not allowed because not listed in AllowUsers
May 31 12:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: input_userauth_request: invalid user news [preauth]
May 31 12:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=news
May 31 12:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: Failed password for invalid user news from 202.133.90.219 port 38704 ssh2
May 31 12:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: Connection closed by 202.133.90.219 port 38704 [preauth]
May 31 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29364]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29365]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29362]: pam_unix(cron:session): session closed for user p13x
May 31 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29421]: Successful su for rubyman by root
May 31 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29421]: + ??? root:rubyman
May 31 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429151 of user rubyman.
May 31 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29421]: pam_unix(su:session): session closed for user rubyman
May 31 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429151.
May 31 12:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26562]: pam_unix(cron:session): session closed for user root
May 31 12:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29363]: pam_unix(cron:session): session closed for user samftp
May 31 12:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
May 31 12:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29711]: Failed password for root from 51.250.105.222 port 57784 ssh2
May 31 12:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29711]: Connection closed by 51.250.105.222 port 57784 [preauth]
May 31 12:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: Invalid user solana from 80.94.92.182
May 31 12:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: input_userauth_request: invalid user solana [preauth]
May 31 12:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 12:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: Failed password for invalid user solana from 80.94.92.182 port 56540 ssh2
May 31 12:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: Connection closed by 80.94.92.182 port 56540 [preauth]
May 31 12:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28351]: pam_unix(cron:session): session closed for user root
May 31 12:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
May 31 12:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: Failed password for root from 109.237.96.109 port 45148 ssh2
May 31 12:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: Connection closed by 109.237.96.109 port 45148 [preauth]
May 31 12:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: Invalid user myshake from 202.133.90.219
May 31 12:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: input_userauth_request: invalid user myshake [preauth]
May 31 12:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: Failed password for invalid user myshake from 202.133.90.219 port 53042 ssh2
May 31 12:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: Connection closed by 202.133.90.219 port 53042 [preauth]
May 31 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29900]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29901]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29894]: pam_unix(cron:session): session closed for user p13x
May 31 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29957]: Successful su for rubyman by root
May 31 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29957]: + ??? root:rubyman
May 31 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429156 of user rubyman.
May 31 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29957]: pam_unix(su:session): session closed for user rubyman
May 31 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429156.
May 31 12:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27055]: pam_unix(cron:session): session closed for user root
May 31 12:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29895]: pam_unix(cron:session): session closed for user samftp
May 31 12:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.197.250  user=root
May 31 12:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30212]: Failed password for root from 147.45.197.250 port 33424 ssh2
May 31 12:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30212]: Connection closed by 147.45.197.250 port 33424 [preauth]
May 31 12:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28937]: pam_unix(cron:session): session closed for user root
May 31 12:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: Invalid user mas from 202.133.90.219
May 31 12:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: input_userauth_request: invalid user mas [preauth]
May 31 12:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: Failed password for invalid user mas from 202.133.90.219 port 52002 ssh2
May 31 12:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: Connection closed by 202.133.90.219 port 52002 [preauth]
May 31 12:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30318]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30319]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30317]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30315]: pam_unix(cron:session): session closed for user p13x
May 31 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30375]: Successful su for rubyman by root
May 31 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30375]: + ??? root:rubyman
May 31 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429160 of user rubyman.
May 31 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30375]: pam_unix(su:session): session closed for user rubyman
May 31 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429160.
May 31 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
May 31 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
May 31 12:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: Failed password for root from 147.45.199.80 port 57424 ssh2
May 31 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: Connection closed by 147.45.199.80 port 57424 [preauth]
May 31 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27473]: pam_unix(cron:session): session closed for user root
May 31 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: Failed password for root from 103.15.222.183 port 33404 ssh2
May 31 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: Connection closed by 103.15.222.183 port 33404 [preauth]
May 31 12:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30317]: pam_unix(cron:session): session closed for user samftp
May 31 12:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29365]: pam_unix(cron:session): session closed for user root
May 31 12:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
May 31 12:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30677]: Failed password for root from 103.172.78.219 port 49930 ssh2
May 31 12:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30677]: Connection closed by 103.172.78.219 port 49930 [preauth]
May 31 12:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: Connection reset by 45.148.10.141 port 7330 [preauth]
May 31 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30727]: Invalid user loguser from 202.133.90.219
May 31 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30727]: input_userauth_request: invalid user loguser [preauth]
May 31 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30727]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30743]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30741]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30742]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30740]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30738]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30743]: pam_unix(cron:session): session closed for user root
May 31 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30738]: pam_unix(cron:session): session closed for user p13x
May 31 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30808]: Successful su for rubyman by root
May 31 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30808]: + ??? root:rubyman
May 31 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30808]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429165 of user rubyman.
May 31 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30808]: pam_unix(su:session): session closed for user rubyman
May 31 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429165.
May 31 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30727]: Failed password for invalid user loguser from 202.133.90.219 port 37956 ssh2
May 31 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30740]: pam_unix(cron:session): session closed for user root
May 31 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27892]: pam_unix(cron:session): session closed for user root
May 31 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30727]: Connection closed by 202.133.90.219 port 37956 [preauth]
May 31 12:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30739]: pam_unix(cron:session): session closed for user samftp
May 31 12:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29901]: pam_unix(cron:session): session closed for user root
May 31 12:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
May 31 12:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: Failed password for root from 89.223.69.22 port 53574 ssh2
May 31 12:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: Connection closed by 89.223.69.22 port 53574 [preauth]
May 31 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31273]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31274]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31271]: pam_unix(cron:session): session closed for user p13x
May 31 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31339]: Successful su for rubyman by root
May 31 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31339]: + ??? root:rubyman
May 31 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31339]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429171 of user rubyman.
May 31 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31339]: pam_unix(su:session): session closed for user rubyman
May 31 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429171.
May 31 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28350]: pam_unix(cron:session): session closed for user root
May 31 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31272]: pam_unix(cron:session): session closed for user samftp
May 31 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31403]: Invalid user ken from 202.133.90.219
May 31 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31403]: input_userauth_request: invalid user ken [preauth]
May 31 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31403]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31403]: Failed password for invalid user ken from 202.133.90.219 port 39372 ssh2
May 31 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31403]: Connection closed by 202.133.90.219 port 39372 [preauth]
May 31 12:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: Invalid user solana from 80.94.92.182
May 31 12:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: input_userauth_request: invalid user solana [preauth]
May 31 12:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.182
May 31 12:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: Failed password for invalid user solana from 80.94.92.182 port 59226 ssh2
May 31 12:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: Connection closed by 80.94.92.182 port 59226 [preauth]
May 31 12:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30319]: pam_unix(cron:session): session closed for user root
May 31 12:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31756]: Received disconnect from 45.90.105.6 port 2032:11: disconnected by user [preauth]
May 31 12:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31756]: Disconnected from 45.90.105.6 port 2032 [preauth]
May 31 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31784]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31786]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31782]: pam_unix(cron:session): session closed for user p13x
May 31 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31845]: Successful su for rubyman by root
May 31 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31845]: + ??? root:rubyman
May 31 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429173 of user rubyman.
May 31 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31845]: pam_unix(su:session): session closed for user rubyman
May 31 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429173.
May 31 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28936]: pam_unix(cron:session): session closed for user root
May 31 12:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31783]: pam_unix(cron:session): session closed for user samftp
May 31 12:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32047]: Invalid user jenkins from 202.133.90.219
May 31 12:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32047]: input_userauth_request: invalid user jenkins [preauth]
May 31 12:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32047]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32047]: Failed password for invalid user jenkins from 202.133.90.219 port 49190 ssh2
May 31 12:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32047]: Connection closed by 202.133.90.219 port 49190 [preauth]
May 31 12:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30742]: pam_unix(cron:session): session closed for user root
May 31 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32204]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32205]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32202]: pam_unix(cron:session): session closed for user p13x
May 31 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32259]: Successful su for rubyman by root
May 31 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32259]: + ??? root:rubyman
May 31 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429177 of user rubyman.
May 31 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32259]: pam_unix(su:session): session closed for user rubyman
May 31 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429177.
May 31 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29364]: pam_unix(cron:session): session closed for user root
May 31 12:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32203]: pam_unix(cron:session): session closed for user samftp
May 31 12:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32467]: Invalid user james from 202.133.90.219
May 31 12:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32467]: input_userauth_request: invalid user james [preauth]
May 31 12:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32467]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32467]: Failed password for invalid user james from 202.133.90.219 port 56446 ssh2
May 31 12:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32467]: Connection closed by 202.133.90.219 port 56446 [preauth]
May 31 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31274]: pam_unix(cron:session): session closed for user root
May 31 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32603]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32604]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32599]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32601]: pam_unix(cron:session): session closed for user p13x
May 31 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32718]: Successful su for rubyman by root
May 31 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32718]: + ??? root:rubyman
May 31 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32718]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429183 of user rubyman.
May 31 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32718]: pam_unix(su:session): session closed for user rubyman
May 31 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429183.
May 31 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32599]: pam_unix(cron:session): session closed for user root
May 31 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29900]: pam_unix(cron:session): session closed for user root
May 31 12:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32602]: pam_unix(cron:session): session closed for user samftp
May 31 12:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: Invalid user james from 202.133.90.219
May 31 12:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: input_userauth_request: invalid user james [preauth]
May 31 12:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: Failed password for invalid user james from 202.133.90.219 port 60200 ssh2
May 31 12:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: Connection closed by 202.133.90.219 port 60200 [preauth]
May 31 12:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31786]: pam_unix(cron:session): session closed for user root
May 31 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[795]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[794]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[800]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[799]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[800]: pam_unix(cron:session): session closed for user root
May 31 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[792]: pam_unix(cron:session): session closed for user p13x
May 31 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[868]: Successful su for rubyman by root
May 31 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[868]: + ??? root:rubyman
May 31 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429188 of user rubyman.
May 31 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[868]: pam_unix(su:session): session closed for user rubyman
May 31 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429188.
May 31 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[794]: pam_unix(cron:session): session closed for user root
May 31 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30318]: pam_unix(cron:session): session closed for user root
May 31 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[793]: pam_unix(cron:session): session closed for user samftp
May 31 12:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1136]: Invalid user admin from 185.156.73.233
May 31 12:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1136]: input_userauth_request: invalid user admin [preauth]
May 31 12:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1136]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 12:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1136]: Failed password for invalid user admin from 185.156.73.233 port 59328 ssh2
May 31 12:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1136]: Connection closed by 185.156.73.233 port 59328 [preauth]
May 31 12:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: Invalid user huawei from 202.133.90.219
May 31 12:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: input_userauth_request: invalid user huawei [preauth]
May 31 12:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: Failed password for invalid user huawei from 202.133.90.219 port 55132 ssh2
May 31 12:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: Connection closed by 202.133.90.219 port 55132 [preauth]
May 31 12:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32205]: pam_unix(cron:session): session closed for user root
May 31 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1278]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1276]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1274]: pam_unix(cron:session): session closed for user p13x
May 31 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1356]: Successful su for rubyman by root
May 31 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1356]: + ??? root:rubyman
May 31 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429194 of user rubyman.
May 31 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1356]: pam_unix(su:session): session closed for user rubyman
May 31 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429194.
May 31 12:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1275]: pam_unix(cron:session): session closed for user samftp
May 31 12:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30741]: pam_unix(cron:session): session closed for user root
May 31 12:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Invalid user howard from 202.133.90.219
May 31 12:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: input_userauth_request: invalid user howard [preauth]
May 31 12:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Failed password for invalid user howard from 202.133.90.219 port 51874 ssh2
May 31 12:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Connection closed by 202.133.90.219 port 51874 [preauth]
May 31 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32604]: pam_unix(cron:session): session closed for user root
May 31 12:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
May 31 12:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: Failed password for root from 103.77.242.62 port 51098 ssh2
May 31 12:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: Connection closed by 103.77.242.62 port 51098 [preauth]
May 31 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1829]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1830]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1828]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1827]: pam_unix(cron:session): session closed for user p13x
May 31 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1889]: Successful su for rubyman by root
May 31 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1889]: + ??? root:rubyman
May 31 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429197 of user rubyman.
May 31 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1889]: pam_unix(su:session): session closed for user rubyman
May 31 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429197.
May 31 12:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31273]: pam_unix(cron:session): session closed for user root
May 31 12:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1828]: pam_unix(cron:session): session closed for user samftp
May 31 12:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.82.76.2  user=root
May 31 12:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: Failed password for root from 170.82.76.2 port 50838 ssh2
May 31 12:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: Connection closed by 170.82.76.2 port 50838 [preauth]
May 31 12:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: Invalid user home from 202.133.90.219
May 31 12:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: input_userauth_request: invalid user home [preauth]
May 31 12:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: Failed password for invalid user home from 202.133.90.219 port 54096 ssh2
May 31 12:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: Connection closed by 202.133.90.219 port 54096 [preauth]
May 31 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[799]: pam_unix(cron:session): session closed for user root
May 31 12:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.98.239  user=root
May 31 12:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Failed password for root from 94.159.98.239 port 36808 ssh2
May 31 12:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Connection closed by 94.159.98.239 port 36808 [preauth]
May 31 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2331]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2330]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2328]: pam_unix(cron:session): session closed for user p13x
May 31 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2387]: Successful su for rubyman by root
May 31 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2387]: + ??? root:rubyman
May 31 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429201 of user rubyman.
May 31 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2387]: pam_unix(su:session): session closed for user rubyman
May 31 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429201.
May 31 12:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31784]: pam_unix(cron:session): session closed for user root
May 31 12:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2329]: pam_unix(cron:session): session closed for user samftp
May 31 12:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1278]: pam_unix(cron:session): session closed for user root
May 31 12:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: Invalid user guest from 202.133.90.219
May 31 12:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: input_userauth_request: invalid user guest [preauth]
May 31 12:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: Failed password for invalid user guest from 202.133.90.219 port 58220 ssh2
May 31 12:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: Connection closed by 202.133.90.219 port 58220 [preauth]
May 31 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2750]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2749]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2743]: pam_unix(cron:session): session closed for user p13x
May 31 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2809]: Successful su for rubyman by root
May 31 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2809]: + ??? root:rubyman
May 31 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429205 of user rubyman.
May 31 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2809]: pam_unix(su:session): session closed for user rubyman
May 31 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429205.
May 31 12:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32204]: pam_unix(cron:session): session closed for user root
May 31 12:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2747]: pam_unix(cron:session): session closed for user samftp
May 31 12:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1830]: pam_unix(cron:session): session closed for user root
May 31 12:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3094]: Invalid user grid from 202.133.90.219
May 31 12:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3094]: input_userauth_request: invalid user grid [preauth]
May 31 12:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3094]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3094]: Failed password for invalid user grid from 202.133.90.219 port 43940 ssh2
May 31 12:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3094]: Connection closed by 202.133.90.219 port 43940 [preauth]
May 31 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3140]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3139]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3138]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3141]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3142]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3142]: pam_unix(cron:session): session closed for user root
May 31 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3137]: pam_unix(cron:session): session closed for user p13x
May 31 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3204]: Successful su for rubyman by root
May 31 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3204]: + ??? root:rubyman
May 31 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429211 of user rubyman.
May 31 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3204]: pam_unix(su:session): session closed for user rubyman
May 31 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429211.
May 31 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3139]: pam_unix(cron:session): session closed for user root
May 31 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32603]: pam_unix(cron:session): session closed for user root
May 31 12:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3138]: pam_unix(cron:session): session closed for user samftp
May 31 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2331]: pam_unix(cron:session): session closed for user root
May 31 12:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: Invalid user gitlab-runner from 202.133.90.219
May 31 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: input_userauth_request: invalid user gitlab-runner [preauth]
May 31 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: Failed password for invalid user gitlab-runner from 202.133.90.219 port 55092 ssh2
May 31 12:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: Connection closed by 202.133.90.219 port 55092 [preauth]
May 31 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3575]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3576]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3574]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3572]: pam_unix(cron:session): session closed for user p13x
May 31 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3637]: Successful su for rubyman by root
May 31 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3637]: + ??? root:rubyman
May 31 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429214 of user rubyman.
May 31 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3637]: pam_unix(su:session): session closed for user rubyman
May 31 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429214.
May 31 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[795]: pam_unix(cron:session): session closed for user root
May 31 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3574]: pam_unix(cron:session): session closed for user samftp
May 31 12:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Invalid user AdminGPON from 45.148.10.121
May 31 12:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: input_userauth_request: invalid user AdminGPON [preauth]
May 31 12:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
May 31 12:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Failed password for invalid user AdminGPON from 45.148.10.121 port 50308 ssh2
May 31 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Connection closed by 45.148.10.121 port 50308 [preauth]
May 31 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.173.227.57  user=root
May 31 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2750]: pam_unix(cron:session): session closed for user root
May 31 12:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: Failed password for root from 103.173.227.57 port 53216 ssh2
May 31 12:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: Connection closed by 103.173.227.57 port 53216 [preauth]
May 31 12:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4151]: Invalid user git from 202.133.90.219
May 31 12:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4151]: input_userauth_request: invalid user git [preauth]
May 31 12:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4151]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4151]: Failed password for invalid user git from 202.133.90.219 port 44364 ssh2
May 31 12:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4151]: Connection closed by 202.133.90.219 port 44364 [preauth]
May 31 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4166]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4167]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4162]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4162]: pam_unix(cron:session): session closed for user root
May 31 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4164]: pam_unix(cron:session): session closed for user p13x
May 31 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4232]: Successful su for rubyman by root
May 31 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4232]: + ??? root:rubyman
May 31 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429218 of user rubyman.
May 31 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4232]: pam_unix(su:session): session closed for user rubyman
May 31 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429218.
May 31 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1276]: pam_unix(cron:session): session closed for user root
May 31 12:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4165]: pam_unix(cron:session): session closed for user samftp
May 31 12:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: Invalid user ubnt from 193.46.255.86
May 31 12:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: input_userauth_request: invalid user ubnt [preauth]
May 31 12:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
May 31 12:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: Failed password for invalid user ubnt from 193.46.255.86 port 56410 ssh2
May 31 12:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: Failed password for invalid user ubnt from 193.46.255.86 port 56410 ssh2
May 31 12:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: Failed password for invalid user ubnt from 193.46.255.86 port 56410 ssh2
May 31 12:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: Failed password for invalid user ubnt from 193.46.255.86 port 56410 ssh2
May 31 12:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: Failed password for invalid user ubnt from 193.46.255.86 port 56410 ssh2
May 31 12:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: Received disconnect from 193.46.255.86 port 56410:11: Bye [preauth]
May 31 12:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: Disconnected from 193.46.255.86 port 56410 [preauth]
May 31 12:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
May 31 12:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 12:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3141]: pam_unix(cron:session): session closed for user root
May 31 12:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4584]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4585]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4580]: pam_unix(cron:session): session closed for user p13x
May 31 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4642]: Successful su for rubyman by root
May 31 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4642]: + ??? root:rubyman
May 31 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429224 of user rubyman.
May 31 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4642]: pam_unix(su:session): session closed for user rubyman
May 31 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429224.
May 31 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4569]: Invalid user git from 202.133.90.219
May 31 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4569]: input_userauth_request: invalid user git [preauth]
May 31 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4569]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1829]: pam_unix(cron:session): session closed for user root
May 31 12:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4582]: pam_unix(cron:session): session closed for user samftp
May 31 12:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4569]: Failed password for invalid user git from 202.133.90.219 port 37268 ssh2
May 31 12:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4569]: Connection closed by 202.133.90.219 port 37268 [preauth]
May 31 12:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3576]: pam_unix(cron:session): session closed for user root
May 31 12:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4996]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4997]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4994]: pam_unix(cron:session): session closed for user p13x
May 31 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5051]: Successful su for rubyman by root
May 31 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5051]: + ??? root:rubyman
May 31 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429227 of user rubyman.
May 31 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5051]: pam_unix(su:session): session closed for user rubyman
May 31 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429227.
May 31 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: Invalid user ghostuser from 202.133.90.219
May 31 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: input_userauth_request: invalid user ghostuser [preauth]
May 31 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2330]: pam_unix(cron:session): session closed for user root
May 31 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: Failed password for invalid user ghostuser from 202.133.90.219 port 53582 ssh2
May 31 12:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4995]: pam_unix(cron:session): session closed for user samftp
May 31 12:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: Connection closed by 202.133.90.219 port 53582 [preauth]
May 31 12:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.22.41  user=root
May 31 12:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: Failed password for root from 185.236.22.41 port 37750 ssh2
May 31 12:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: Connection closed by 185.236.22.41 port 37750 [preauth]
May 31 12:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: Bad protocol version identification '\003' from 192.253.248.180 port 63032
May 31 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4167]: pam_unix(cron:session): session closed for user root
May 31 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5391]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5394]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5393]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5392]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5394]: pam_unix(cron:session): session closed for user root
May 31 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5389]: pam_unix(cron:session): session closed for user p13x
May 31 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5458]: Successful su for rubyman by root
May 31 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5458]: + ??? root:rubyman
May 31 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429234 of user rubyman.
May 31 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5458]: pam_unix(su:session): session closed for user rubyman
May 31 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429234.
May 31 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5391]: pam_unix(cron:session): session closed for user root
May 31 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2749]: pam_unix(cron:session): session closed for user root
May 31 12:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5390]: pam_unix(cron:session): session closed for user samftp
May 31 12:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: Invalid user ftpuser from 202.133.90.219
May 31 12:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: input_userauth_request: invalid user ftpuser [preauth]
May 31 12:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: Failed password for invalid user ftpuser from 202.133.90.219 port 46620 ssh2
May 31 12:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: Connection closed by 202.133.90.219 port 46620 [preauth]
May 31 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4585]: pam_unix(cron:session): session closed for user root
May 31 12:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.228.128.84  user=root
May 31 12:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: Failed password for root from 193.228.128.84 port 39484 ssh2
May 31 12:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: Connection closed by 193.228.128.84 port 39484 [preauth]
May 31 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5813]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5814]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5809]: pam_unix(cron:session): session closed for user p13x
May 31 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5877]: Successful su for rubyman by root
May 31 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5877]: + ??? root:rubyman
May 31 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429238 of user rubyman.
May 31 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5877]: pam_unix(su:session): session closed for user rubyman
May 31 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429238.
May 31 12:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3140]: pam_unix(cron:session): session closed for user root
May 31 12:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5810]: pam_unix(cron:session): session closed for user samftp
May 31 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5994]: Invalid user array from 80.94.95.115
May 31 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5994]: input_userauth_request: invalid user array [preauth]
May 31 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5994]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May 31 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5994]: Failed password for invalid user array from 80.94.95.115 port 33958 ssh2
May 31 12:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5994]: Connection closed by 80.94.95.115 port 33958 [preauth]
May 31 12:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: Invalid user ftpuser from 202.133.90.219
May 31 12:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: input_userauth_request: invalid user ftpuser [preauth]
May 31 12:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: Failed password for invalid user ftpuser from 202.133.90.219 port 40736 ssh2
May 31 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: Connection closed by 202.133.90.219 port 40736 [preauth]
May 31 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Did not receive identification string from 118.26.110.171
May 31 12:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4997]: pam_unix(cron:session): session closed for user root
May 31 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6201]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6200]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6199]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6198]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6198]: pam_unix(cron:session): session closed for user p13x
May 31 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6259]: Successful su for rubyman by root
May 31 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6259]: + ??? root:rubyman
May 31 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429242 of user rubyman.
May 31 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6259]: pam_unix(su:session): session closed for user rubyman
May 31 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429242.
May 31 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3575]: pam_unix(cron:session): session closed for user root
May 31 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6199]: pam_unix(cron:session): session closed for user samftp
May 31 12:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: User ftp from 202.133.90.219 not allowed because not listed in AllowUsers
May 31 12:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: input_userauth_request: invalid user ftp [preauth]
May 31 12:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=ftp
May 31 12:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: Failed password for invalid user ftp from 202.133.90.219 port 55734 ssh2
May 31 12:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: Connection closed by 202.133.90.219 port 55734 [preauth]
May 31 12:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5393]: pam_unix(cron:session): session closed for user root
May 31 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6585]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6586]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6583]: pam_unix(cron:session): session closed for user p13x
May 31 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6649]: Successful su for rubyman by root
May 31 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6649]: + ??? root:rubyman
May 31 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429247 of user rubyman.
May 31 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6649]: pam_unix(su:session): session closed for user rubyman
May 31 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429247.
May 31 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4166]: pam_unix(cron:session): session closed for user root
May 31 12:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6584]: pam_unix(cron:session): session closed for user samftp
May 31 12:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
May 31 12:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6850]: Failed password for root from 103.82.132.16 port 47546 ssh2
May 31 12:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6850]: Connection closed by 103.82.132.16 port 47546 [preauth]
May 31 12:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Received disconnect from 192.210.194.2 port 58386:11: disconnected by user [preauth]
May 31 12:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Disconnected from 192.210.194.2 port 58386 [preauth]
May 31 12:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: Invalid user es from 202.133.90.219
May 31 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: input_userauth_request: invalid user es [preauth]
May 31 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: Failed password for invalid user es from 202.133.90.219 port 46664 ssh2
May 31 12:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: Connection closed by 202.133.90.219 port 46664 [preauth]
May 31 12:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5814]: pam_unix(cron:session): session closed for user root
May 31 12:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
May 31 12:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7012]: Failed password for root from 103.149.28.157 port 60322 ssh2
May 31 12:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7012]: Connection closed by 103.149.28.157 port 60322 [preauth]
May 31 12:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7028]: Did not receive identification string from 106.241.31.17
May 31 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7044]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7050]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7042]: pam_unix(cron:session): session closed for user p13x
May 31 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7159]: Successful su for rubyman by root
May 31 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7159]: + ??? root:rubyman
May 31 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429249 of user rubyman.
May 31 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7159]: pam_unix(su:session): session closed for user rubyman
May 31 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429249.
May 31 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4584]: pam_unix(cron:session): session closed for user root
May 31 12:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7043]: pam_unix(cron:session): session closed for user samftp
May 31 12:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: Invalid user elastic from 202.133.90.219
May 31 12:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: input_userauth_request: invalid user elastic [preauth]
May 31 12:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6201]: pam_unix(cron:session): session closed for user root
May 31 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: Failed password for invalid user elastic from 202.133.90.219 port 57488 ssh2
May 31 12:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: Connection closed by 202.133.90.219 port 57488 [preauth]
May 31 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7494]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7496]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7497]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7495]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7497]: pam_unix(cron:session): session closed for user root
May 31 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7492]: pam_unix(cron:session): session closed for user p13x
May 31 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7562]: Successful su for rubyman by root
May 31 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7562]: + ??? root:rubyman
May 31 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429254 of user rubyman.
May 31 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7562]: pam_unix(su:session): session closed for user rubyman
May 31 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429254.
May 31 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4996]: pam_unix(cron:session): session closed for user root
May 31 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7494]: pam_unix(cron:session): session closed for user root
May 31 12:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7493]: pam_unix(cron:session): session closed for user samftp
May 31 12:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6586]: pam_unix(cron:session): session closed for user root
May 31 12:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7948]: Invalid user dev from 202.133.90.219
May 31 12:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7948]: input_userauth_request: invalid user dev [preauth]
May 31 12:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7948]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7948]: Failed password for invalid user dev from 202.133.90.219 port 56150 ssh2
May 31 12:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7948]: Connection closed by 202.133.90.219 port 56150 [preauth]
May 31 12:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7997]: Received disconnect from 87.121.69.138 port 34878:11: disconnected by user [preauth]
May 31 12:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7997]: Disconnected from 87.121.69.138 port 34878 [preauth]
May 31 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8011]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8010]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8008]: pam_unix(cron:session): session closed for user p13x
May 31 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8076]: Successful su for rubyman by root
May 31 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8076]: + ??? root:rubyman
May 31 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429259 of user rubyman.
May 31 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8076]: pam_unix(su:session): session closed for user rubyman
May 31 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429259.
May 31 12:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5392]: pam_unix(cron:session): session closed for user root
May 31 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8009]: pam_unix(cron:session): session closed for user samftp
May 31 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7050]: pam_unix(cron:session): session closed for user root
May 31 12:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: Invalid user deployer from 202.133.90.219
May 31 12:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: input_userauth_request: invalid user deployer [preauth]
May 31 12:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: Failed password for invalid user deployer from 202.133.90.219 port 36180 ssh2
May 31 12:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: Connection closed by 202.133.90.219 port 36180 [preauth]
May 31 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8414]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8413]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8411]: pam_unix(cron:session): session closed for user p13x
May 31 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8473]: Successful su for rubyman by root
May 31 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8473]: + ??? root:rubyman
May 31 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429264 of user rubyman.
May 31 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8473]: pam_unix(su:session): session closed for user rubyman
May 31 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429264.
May 31 12:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5813]: pam_unix(cron:session): session closed for user root
May 31 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8412]: pam_unix(cron:session): session closed for user samftp
May 31 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7496]: pam_unix(cron:session): session closed for user root
May 31 12:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
May 31 12:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8775]: Failed password for root from 37.233.85.71 port 45984 ssh2
May 31 12:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8775]: Connection closed by 37.233.85.71 port 45984 [preauth]
May 31 12:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Invalid user deployer from 202.133.90.219
May 31 12:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: input_userauth_request: invalid user deployer [preauth]
May 31 12:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Failed password for invalid user deployer from 202.133.90.219 port 50458 ssh2
May 31 12:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Connection closed by 202.133.90.219 port 50458 [preauth]
May 31 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8809]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8808]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8807]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8806]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8806]: pam_unix(cron:session): session closed for user p13x
May 31 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8869]: Successful su for rubyman by root
May 31 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8869]: + ??? root:rubyman
May 31 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429267 of user rubyman.
May 31 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8869]: pam_unix(su:session): session closed for user rubyman
May 31 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429267.
May 31 12:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6200]: pam_unix(cron:session): session closed for user root
May 31 12:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8807]: pam_unix(cron:session): session closed for user samftp
May 31 12:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: Received disconnect from 208.87.243.125 port 50450:11: disconnected by user [preauth]
May 31 12:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: Disconnected from 208.87.243.125 port 50450 [preauth]
May 31 12:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
May 31 12:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: Failed password for root from 147.45.211.215 port 35922 ssh2
May 31 12:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: Connection closed by 147.45.211.215 port 35922 [preauth]
May 31 12:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8011]: pam_unix(cron:session): session closed for user root
May 31 12:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9194]: Invalid user deploy from 202.133.90.219
May 31 12:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9194]: input_userauth_request: invalid user deploy [preauth]
May 31 12:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9194]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9194]: Failed password for invalid user deploy from 202.133.90.219 port 50166 ssh2
May 31 12:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9194]: Connection closed by 202.133.90.219 port 50166 [preauth]
May 31 12:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
May 31 12:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: Failed password for root from 87.251.79.125 port 47136 ssh2
May 31 12:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: Connection closed by 87.251.79.125 port 47136 [preauth]
May 31 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9225]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9224]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9222]: pam_unix(cron:session): session closed for user p13x
May 31 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9286]: Successful su for rubyman by root
May 31 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9286]: + ??? root:rubyman
May 31 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429273 of user rubyman.
May 31 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9286]: pam_unix(su:session): session closed for user rubyman
May 31 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429273.
May 31 12:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6585]: pam_unix(cron:session): session closed for user root
May 31 12:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9223]: pam_unix(cron:session): session closed for user samftp
May 31 12:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
May 31 12:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: Failed password for root from 194.113.233.25 port 53720 ssh2
May 31 12:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: Connection closed by 194.113.233.25 port 53720 [preauth]
May 31 12:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8414]: pam_unix(cron:session): session closed for user root
May 31 12:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9587]: Invalid user dell from 202.133.90.219
May 31 12:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9587]: input_userauth_request: invalid user dell [preauth]
May 31 12:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9587]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9587]: Failed password for invalid user dell from 202.133.90.219 port 35988 ssh2
May 31 12:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9587]: Connection closed by 202.133.90.219 port 35988 [preauth]
May 31 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9613]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9614]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9612]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9615]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9615]: pam_unix(cron:session): session closed for user root
May 31 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9610]: pam_unix(cron:session): session closed for user p13x
May 31 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9679]: Successful su for rubyman by root
May 31 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9679]: + ??? root:rubyman
May 31 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429276 of user rubyman.
May 31 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9679]: pam_unix(su:session): session closed for user rubyman
May 31 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429276.
May 31 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9612]: pam_unix(cron:session): session closed for user root
May 31 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7044]: pam_unix(cron:session): session closed for user root
May 31 12:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9611]: pam_unix(cron:session): session closed for user samftp
May 31 12:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
May 31 12:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: Failed password for root from 103.27.238.114 port 43124 ssh2
May 31 12:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: Connection closed by 103.27.238.114 port 43124 [preauth]
May 31 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8809]: pam_unix(cron:session): session closed for user root
May 31 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
May 31 12:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: Failed password for root from 185.156.73.233 port 49564 ssh2
May 31 12:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: Connection closed by 185.156.73.233 port 49564 [preauth]
May 31 12:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10211]: Connection closed by 194.59.206.2 port 12826 [preauth]
May 31 12:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10213]: Invalid user debian from 202.133.90.219
May 31 12:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10213]: input_userauth_request: invalid user debian [preauth]
May 31 12:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10213]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10312]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10310]: pam_unix(cron:session): session closed for user p13x
May 31 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10381]: Successful su for rubyman by root
May 31 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10381]: + ??? root:rubyman
May 31 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10213]: Failed password for invalid user debian from 202.133.90.219 port 57414 ssh2
May 31 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429281 of user rubyman.
May 31 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10381]: pam_unix(su:session): session closed for user rubyman
May 31 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429281.
May 31 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10213]: Connection closed by 202.133.90.219 port 57414 [preauth]
May 31 12:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7495]: pam_unix(cron:session): session closed for user root
May 31 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10311]: pam_unix(cron:session): session closed for user samftp
May 31 12:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9225]: pam_unix(cron:session): session closed for user root
May 31 12:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10738]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10737]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10734]: pam_unix(cron:session): session closed for user p13x
May 31 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10806]: Successful su for rubyman by root
May 31 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10806]: + ??? root:rubyman
May 31 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429286 of user rubyman.
May 31 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10806]: pam_unix(su:session): session closed for user rubyman
May 31 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429286.
May 31 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10720]: Invalid user david from 202.133.90.219
May 31 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10720]: input_userauth_request: invalid user david [preauth]
May 31 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10720]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8010]: pam_unix(cron:session): session closed for user root
May 31 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10735]: pam_unix(cron:session): session closed for user samftp
May 31 12:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10720]: Failed password for invalid user david from 202.133.90.219 port 54842 ssh2
May 31 12:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10720]: Connection closed by 202.133.90.219 port 54842 [preauth]
May 31 12:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9614]: pam_unix(cron:session): session closed for user root
May 31 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11152]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11153]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11149]: pam_unix(cron:session): session closed for user p13x
May 31 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11214]: Successful su for rubyman by root
May 31 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11214]: + ??? root:rubyman
May 31 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429290 of user rubyman.
May 31 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11214]: pam_unix(su:session): session closed for user rubyman
May 31 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429290.
May 31 12:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8413]: pam_unix(cron:session): session closed for user root
May 31 12:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11151]: pam_unix(cron:session): session closed for user samftp
May 31 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: User backup from 202.133.90.219 not allowed because not listed in AllowUsers
May 31 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: input_userauth_request: invalid user backup [preauth]
May 31 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=backup
May 31 12:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: Failed password for invalid user backup from 202.133.90.219 port 33676 ssh2
May 31 12:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: Connection closed by 202.133.90.219 port 33676 [preauth]
May 31 12:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session closed for user root
May 31 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11575]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11574]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session closed for user p13x
May 31 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11634]: Successful su for rubyman by root
May 31 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11634]: + ??? root:rubyman
May 31 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429294 of user rubyman.
May 31 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11634]: pam_unix(su:session): session closed for user rubyman
May 31 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429294.
May 31 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8808]: pam_unix(cron:session): session closed for user root
May 31 12:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11573]: pam_unix(cron:session): session closed for user samftp
May 31 12:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11854]: Invalid user as from 202.133.90.219
May 31 12:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11854]: input_userauth_request: invalid user as [preauth]
May 31 12:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11854]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11854]: Failed password for invalid user as from 202.133.90.219 port 36224 ssh2
May 31 12:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11854]: Connection closed by 202.133.90.219 port 36224 [preauth]
May 31 12:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10738]: pam_unix(cron:session): session closed for user root
May 31 12:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
May 31 12:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: Failed password for root from 80.66.85.226 port 60810 ssh2
May 31 12:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: Connection closed by 80.66.85.226 port 60810 [preauth]
May 31 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12035]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12033]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12034]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12030]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12032]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12035]: pam_unix(cron:session): session closed for user root
May 31 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12030]: pam_unix(cron:session): session closed for user p13x
May 31 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12095]: Successful su for rubyman by root
May 31 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12095]: + ??? root:rubyman
May 31 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429300 of user rubyman.
May 31 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12095]: pam_unix(su:session): session closed for user rubyman
May 31 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429300.
May 31 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12032]: pam_unix(cron:session): session closed for user root
May 31 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9224]: pam_unix(cron:session): session closed for user root
May 31 12:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12031]: pam_unix(cron:session): session closed for user samftp
May 31 12:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12459]: Invalid user ali from 202.133.90.219
May 31 12:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12459]: input_userauth_request: invalid user ali [preauth]
May 31 12:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12459]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12459]: Failed password for invalid user ali from 202.133.90.219 port 59176 ssh2
May 31 12:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12459]: Connection closed by 202.133.90.219 port 59176 [preauth]
May 31 12:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
May 31 12:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
May 31 12:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: Failed password for root from 103.27.238.120 port 42814 ssh2
May 31 12:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12495]: Failed password for root from 103.27.238.116 port 44984 ssh2
May 31 12:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: Connection closed by 103.27.238.120 port 42814 [preauth]
May 31 12:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12495]: Connection closed by 103.27.238.116 port 44984 [preauth]
May 31 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11153]: pam_unix(cron:session): session closed for user root
May 31 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.172.54.111  user=root
May 31 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12517]: Failed password for root from 109.172.54.111 port 35490 ssh2
May 31 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12517]: Connection closed by 109.172.54.111 port 35490 [preauth]
May 31 12:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: Invalid user wallet from 67.207.84.8
May 31 12:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: input_userauth_request: invalid user wallet [preauth]
May 31 12:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.207.84.8
May 31 12:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: Failed password for invalid user wallet from 67.207.84.8 port 56054 ssh2
May 31 12:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: Connection closed by 67.207.84.8 port 56054 [preauth]
May 31 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12586]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12585]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12583]: pam_unix(cron:session): session closed for user p13x
May 31 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12656]: Successful su for rubyman by root
May 31 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12656]: + ??? root:rubyman
May 31 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429303 of user rubyman.
May 31 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12656]: pam_unix(su:session): session closed for user rubyman
May 31 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429303.
May 31 12:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9613]: pam_unix(cron:session): session closed for user root
May 31 12:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12584]: pam_unix(cron:session): session closed for user samftp
May 31 12:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12896]: Invalid user admin from 202.133.90.219
May 31 12:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12896]: input_userauth_request: invalid user admin [preauth]
May 31 12:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12896]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12896]: Failed password for invalid user admin from 202.133.90.219 port 52582 ssh2
May 31 12:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12896]: Connection closed by 202.133.90.219 port 52582 [preauth]
May 31 12:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12919]: Invalid user rustserver from 165.154.229.58
May 31 12:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12919]: input_userauth_request: invalid user rustserver [preauth]
May 31 12:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12919]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.229.58
May 31 12:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12919]: Failed password for invalid user rustserver from 165.154.229.58 port 50352 ssh2
May 31 12:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12919]: Received disconnect from 165.154.229.58 port 50352:11: Bye Bye [preauth]
May 31 12:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12919]: Disconnected from 165.154.229.58 port 50352 [preauth]
May 31 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11575]: pam_unix(cron:session): session closed for user root
May 31 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13017]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13016]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13013]: pam_unix(cron:session): session closed for user p13x
May 31 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13076]: Successful su for rubyman by root
May 31 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13076]: + ??? root:rubyman
May 31 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429307 of user rubyman.
May 31 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13076]: pam_unix(su:session): session closed for user rubyman
May 31 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429307.
May 31 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10312]: pam_unix(cron:session): session closed for user root
May 31 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13014]: pam_unix(cron:session): session closed for user samftp
May 31 12:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13332]: Invalid user admin from 202.133.90.219
May 31 12:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13332]: input_userauth_request: invalid user admin [preauth]
May 31 12:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13332]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13332]: Failed password for invalid user admin from 202.133.90.219 port 33272 ssh2
May 31 12:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12034]: pam_unix(cron:session): session closed for user root
May 31 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13332]: Connection closed by 202.133.90.219 port 33272 [preauth]
May 31 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13421]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13422]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13419]: pam_unix(cron:session): session closed for user p13x
May 31 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13477]: Successful su for rubyman by root
May 31 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13477]: + ??? root:rubyman
May 31 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429312 of user rubyman.
May 31 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13477]: pam_unix(su:session): session closed for user rubyman
May 31 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429312.
May 31 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10737]: pam_unix(cron:session): session closed for user root
May 31 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13420]: pam_unix(cron:session): session closed for user samftp
May 31 12:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12586]: pam_unix(cron:session): session closed for user root
May 31 12:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: Invalid user a from 202.133.90.219
May 31 12:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: input_userauth_request: invalid user a [preauth]
May 31 12:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: Failed password for invalid user a from 202.133.90.219 port 57048 ssh2
May 31 12:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: Connection closed by 202.133.90.219 port 57048 [preauth]
May 31 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13812]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13813]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13808]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13810]: pam_unix(cron:session): session closed for user p13x
May 31 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13925]: Successful su for rubyman by root
May 31 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13925]: + ??? root:rubyman
May 31 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13925]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429315 of user rubyman.
May 31 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13925]: pam_unix(su:session): session closed for user rubyman
May 31 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429315.
May 31 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13808]: pam_unix(cron:session): session closed for user root
May 31 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11152]: pam_unix(cron:session): session closed for user root
May 31 12:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13811]: pam_unix(cron:session): session closed for user samftp
May 31 12:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14138]: Invalid user rustserver from 134.209.120.216
May 31 12:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14138]: input_userauth_request: invalid user rustserver [preauth]
May 31 12:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14138]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.120.216
May 31 12:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14138]: Failed password for invalid user rustserver from 134.209.120.216 port 45036 ssh2
May 31 12:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14138]: Received disconnect from 134.209.120.216 port 45036:11: Bye Bye [preauth]
May 31 12:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14138]: Disconnected from 134.209.120.216 port 45036 [preauth]
May 31 12:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.63.178  user=root
May 31 12:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14170]: Failed password for root from 62.133.63.178 port 43786 ssh2
May 31 12:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14170]: Connection closed by 62.133.63.178 port 43786 [preauth]
May 31 12:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
May 31 12:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14185]: Failed password for root from 62.133.62.83 port 54396 ssh2
May 31 12:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14185]: Connection closed by 62.133.62.83 port 54396 [preauth]
May 31 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13017]: pam_unix(cron:session): session closed for user root
May 31 12:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: Invalid user x from 202.133.90.219
May 31 12:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: input_userauth_request: invalid user x [preauth]
May 31 12:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: Failed password for invalid user x from 202.133.90.219 port 42832 ssh2
May 31 12:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: Connection closed by 202.133.90.219 port 42832 [preauth]
May 31 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14300]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14298]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14295]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14299]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14297]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14300]: pam_unix(cron:session): session closed for user root
May 31 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14295]: pam_unix(cron:session): session closed for user p13x
May 31 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14360]: Successful su for rubyman by root
May 31 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14360]: + ??? root:rubyman
May 31 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429323 of user rubyman.
May 31 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14360]: pam_unix(su:session): session closed for user rubyman
May 31 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429323.
May 31 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14297]: pam_unix(cron:session): session closed for user root
May 31 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11574]: pam_unix(cron:session): session closed for user root
May 31 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14296]: pam_unix(cron:session): session closed for user samftp
May 31 12:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.54.171  user=root
May 31 12:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14573]: Failed password for root from 160.191.54.171 port 35558 ssh2
May 31 12:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14573]: Received disconnect from 160.191.54.171 port 35558:11: Bye Bye [preauth]
May 31 12:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14573]: Disconnected from 160.191.54.171 port 35558 [preauth]
May 31 12:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13422]: pam_unix(cron:session): session closed for user root
May 31 12:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14711]: Invalid user x from 202.133.90.219
May 31 12:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14711]: input_userauth_request: invalid user x [preauth]
May 31 12:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14711]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14711]: Failed password for invalid user x from 202.133.90.219 port 53422 ssh2
May 31 12:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14711]: Connection closed by 202.133.90.219 port 53422 [preauth]
May 31 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14805]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14806]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14803]: pam_unix(cron:session): session closed for user p13x
May 31 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14873]: Successful su for rubyman by root
May 31 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14873]: + ??? root:rubyman
May 31 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429327 of user rubyman.
May 31 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14873]: pam_unix(su:session): session closed for user rubyman
May 31 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429327.
May 31 12:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12033]: pam_unix(cron:session): session closed for user root
May 31 12:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14804]: pam_unix(cron:session): session closed for user samftp
May 31 12:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
May 31 12:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15054]: Failed password for root from 103.153.68.219 port 59572 ssh2
May 31 12:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15054]: Connection closed by 103.153.68.219 port 59572 [preauth]
May 31 12:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: Invalid user usuario from 185.156.73.233
May 31 12:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: input_userauth_request: invalid user usuario [preauth]
May 31 12:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 12:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: Failed password for invalid user usuario from 185.156.73.233 port 41112 ssh2
May 31 12:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: Connection closed by 185.156.73.233 port 41112 [preauth]
May 31 12:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13813]: pam_unix(cron:session): session closed for user root
May 31 12:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15190]: Invalid user web from 202.133.90.219
May 31 12:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15190]: input_userauth_request: invalid user web [preauth]
May 31 12:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15190]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15190]: Failed password for invalid user web from 202.133.90.219 port 44314 ssh2
May 31 12:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15190]: Connection closed by 202.133.90.219 port 44314 [preauth]
May 31 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15221]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15220]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15218]: pam_unix(cron:session): session closed for user p13x
May 31 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15285]: Successful su for rubyman by root
May 31 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15285]: + ??? root:rubyman
May 31 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15285]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429330 of user rubyman.
May 31 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15285]: pam_unix(su:session): session closed for user rubyman
May 31 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429330.
May 31 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12585]: pam_unix(cron:session): session closed for user root
May 31 12:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15219]: pam_unix(cron:session): session closed for user samftp
May 31 12:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: Invalid user parasailing from 67.207.84.8
May 31 12:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: input_userauth_request: invalid user parasailing [preauth]
May 31 12:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.207.84.8
May 31 12:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: Failed password for invalid user parasailing from 67.207.84.8 port 49590 ssh2
May 31 12:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: Connection closed by 67.207.84.8 port 49590 [preauth]
May 31 12:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 12:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: Failed password for root from 38.93.206.2 port 41170 ssh2
May 31 12:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: Connection closed by 38.93.206.2 port 41170 [preauth]
May 31 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14299]: pam_unix(cron:session): session closed for user root
May 31 12:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: Invalid user webmaster from 202.133.90.219
May 31 12:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: input_userauth_request: invalid user webmaster [preauth]
May 31 12:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: Failed password for invalid user webmaster from 202.133.90.219 port 38270 ssh2
May 31 12:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: Connection closed by 202.133.90.219 port 38270 [preauth]
May 31 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15611]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15610]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15608]: pam_unix(cron:session): session closed for user p13x
May 31 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15667]: Successful su for rubyman by root
May 31 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15667]: + ??? root:rubyman
May 31 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15667]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429334 of user rubyman.
May 31 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15667]: pam_unix(su:session): session closed for user rubyman
May 31 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429334.
May 31 12:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13016]: pam_unix(cron:session): session closed for user root
May 31 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15609]: pam_unix(cron:session): session closed for user samftp
May 31 12:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
May 31 12:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: Failed password for root from 103.82.20.28 port 38898 ssh2
May 31 12:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: Connection closed by 103.82.20.28 port 38898 [preauth]
May 31 12:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14806]: pam_unix(cron:session): session closed for user root
May 31 12:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15992]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15993]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15990]: pam_unix(cron:session): session closed for user p13x
May 31 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16048]: Successful su for rubyman by root
May 31 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16048]: + ??? root:rubyman
May 31 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429340 of user rubyman.
May 31 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16048]: pam_unix(su:session): session closed for user rubyman
May 31 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429340.
May 31 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: Invalid user user from 202.133.90.219
May 31 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: input_userauth_request: invalid user user [preauth]
May 31 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: Failed password for invalid user user from 202.133.90.219 port 42948 ssh2
May 31 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13421]: pam_unix(cron:session): session closed for user root
May 31 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: Connection closed by 202.133.90.219 port 42948 [preauth]
May 31 12:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15991]: pam_unix(cron:session): session closed for user samftp
May 31 12:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.120.216  user=root
May 31 12:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16241]: Failed password for root from 134.209.120.216 port 54392 ssh2
May 31 12:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16241]: Received disconnect from 134.209.120.216 port 54392:11: Bye Bye [preauth]
May 31 12:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16241]: Disconnected from 134.209.120.216 port 54392 [preauth]
May 31 12:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15221]: pam_unix(cron:session): session closed for user root
May 31 12:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.229.58  user=root
May 31 12:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16325]: Failed password for root from 165.154.229.58 port 44960 ssh2
May 31 12:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16325]: Received disconnect from 165.154.229.58 port 44960:11: Bye Bye [preauth]
May 31 12:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16325]: Disconnected from 165.154.229.58 port 44960 [preauth]
May 31 12:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: Invalid user rustserver from 160.191.54.171
May 31 12:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: input_userauth_request: invalid user rustserver [preauth]
May 31 12:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.54.171
May 31 12:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: Failed password for invalid user rustserver from 160.191.54.171 port 53402 ssh2
May 31 12:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: Received disconnect from 160.191.54.171 port 53402:11: Bye Bye [preauth]
May 31 12:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: Disconnected from 160.191.54.171 port 53402 [preauth]
May 31 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16387]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16389]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16388]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16386]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16389]: pam_unix(cron:session): session closed for user root
May 31 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16384]: pam_unix(cron:session): session closed for user p13x
May 31 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16453]: Successful su for rubyman by root
May 31 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16453]: + ??? root:rubyman
May 31 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429344 of user rubyman.
May 31 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16453]: pam_unix(su:session): session closed for user rubyman
May 31 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429344.
May 31 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16386]: pam_unix(cron:session): session closed for user root
May 31 12:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13812]: pam_unix(cron:session): session closed for user root
May 31 12:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16385]: pam_unix(cron:session): session closed for user samftp
May 31 12:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: Invalid user user1 from 202.133.90.219
May 31 12:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: input_userauth_request: invalid user user1 [preauth]
May 31 12:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: Failed password for invalid user user1 from 202.133.90.219 port 50128 ssh2
May 31 12:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: Connection closed by 202.133.90.219 port 50128 [preauth]
May 31 12:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.108.118.91  user=root
May 31 12:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: Failed password for root from 89.108.118.91 port 58978 ssh2
May 31 12:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: Connection closed by 89.108.118.91 port 58978 [preauth]
May 31 12:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15611]: pam_unix(cron:session): session closed for user root
May 31 12:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.120.216  user=root
May 31 12:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16758]: Failed password for root from 134.209.120.216 port 47990 ssh2
May 31 12:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16758]: Received disconnect from 134.209.120.216 port 47990:11: Bye Bye [preauth]
May 31 12:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16758]: Disconnected from 134.209.120.216 port 47990 [preauth]
May 31 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16809]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16811]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16808]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16807]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16807]: pam_unix(cron:session): session closed for user p13x
May 31 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16872]: Successful su for rubyman by root
May 31 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16872]: + ??? root:rubyman
May 31 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16872]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429348 of user rubyman.
May 31 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16872]: pam_unix(su:session): session closed for user rubyman
May 31 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429348.
May 31 12:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14298]: pam_unix(cron:session): session closed for user root
May 31 12:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16808]: pam_unix(cron:session): session closed for user samftp
May 31 12:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: Invalid user ubuntu from 202.133.90.219
May 31 12:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: input_userauth_request: invalid user ubuntu [preauth]
May 31 12:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: Failed password for invalid user ubuntu from 202.133.90.219 port 56554 ssh2
May 31 12:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: Connection closed by 202.133.90.219 port 56554 [preauth]
May 31 12:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.229.58  user=root
May 31 12:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15993]: pam_unix(cron:session): session closed for user root
May 31 12:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: Failed password for root from 165.154.229.58 port 40782 ssh2
May 31 12:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: Received disconnect from 165.154.229.58 port 40782:11: Bye Bye [preauth]
May 31 12:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: Disconnected from 165.154.229.58 port 40782 [preauth]
May 31 12:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: Invalid user lorenzo from 160.191.54.171
May 31 12:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: input_userauth_request: invalid user lorenzo [preauth]
May 31 12:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.54.171
May 31 12:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: Failed password for invalid user lorenzo from 160.191.54.171 port 54760 ssh2
May 31 12:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: Received disconnect from 160.191.54.171 port 54760:11: Bye Bye [preauth]
May 31 12:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: Disconnected from 160.191.54.171 port 54760 [preauth]
May 31 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17203]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17204]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17201]: pam_unix(cron:session): session closed for user p13x
May 31 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17264]: Successful su for rubyman by root
May 31 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17264]: + ??? root:rubyman
May 31 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429352 of user rubyman.
May 31 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17264]: pam_unix(su:session): session closed for user rubyman
May 31 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429352.
May 31 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.120.216  user=root
May 31 12:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14805]: pam_unix(cron:session): session closed for user root
May 31 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17328]: Failed password for root from 134.209.120.216 port 36282 ssh2
May 31 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17328]: Received disconnect from 134.209.120.216 port 36282:11: Bye Bye [preauth]
May 31 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17328]: Disconnected from 134.209.120.216 port 36282 [preauth]
May 31 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17202]: pam_unix(cron:session): session closed for user samftp
May 31 12:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Invalid user ubuntu from 202.133.90.219
May 31 12:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: input_userauth_request: invalid user ubuntu [preauth]
May 31 12:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Failed password for invalid user ubuntu from 202.133.90.219 port 42276 ssh2
May 31 12:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Connection closed by 202.133.90.219 port 42276 [preauth]
May 31 12:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16388]: pam_unix(cron:session): session closed for user root
May 31 12:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Invalid user service from 173.254.234.162
May 31 12:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: input_userauth_request: invalid user service [preauth]
May 31 12:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 12:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Failed password for invalid user service from 173.254.234.162 port 44406 ssh2
May 31 12:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Connection closed by 173.254.234.162 port 44406 [preauth]
May 31 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17607]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17608]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17605]: pam_unix(cron:session): session closed for user p13x
May 31 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: Successful su for rubyman by root
May 31 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: + ??? root:rubyman
May 31 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429356 of user rubyman.
May 31 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: pam_unix(su:session): session closed for user rubyman
May 31 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429356.
May 31 12:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15220]: pam_unix(cron:session): session closed for user root
May 31 12:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.54.171  user=root
May 31 12:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17606]: pam_unix(cron:session): session closed for user samftp
May 31 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: Failed password for root from 160.191.54.171 port 56106 ssh2
May 31 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: Received disconnect from 160.191.54.171 port 56106:11: Bye Bye [preauth]
May 31 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: Disconnected from 160.191.54.171 port 56106 [preauth]
May 31 12:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.229.58  user=root
May 31 12:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Failed password for root from 165.154.229.58 port 46030 ssh2
May 31 12:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Received disconnect from 165.154.229.58 port 46030:11: Bye Bye [preauth]
May 31 12:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Disconnected from 165.154.229.58 port 46030 [preauth]
May 31 12:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17985]: Invalid user lorenzo from 134.209.120.216
May 31 12:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17985]: input_userauth_request: invalid user lorenzo [preauth]
May 31 12:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17985]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.120.216
May 31 12:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: Invalid user ubuntu from 202.133.90.219
May 31 12:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: input_userauth_request: invalid user ubuntu [preauth]
May 31 12:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17985]: Failed password for invalid user lorenzo from 134.209.120.216 port 52744 ssh2
May 31 12:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17985]: Received disconnect from 134.209.120.216 port 52744:11: Bye Bye [preauth]
May 31 12:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17985]: Disconnected from 134.209.120.216 port 52744 [preauth]
May 31 12:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: Failed password for invalid user ubuntu from 202.133.90.219 port 36928 ssh2
May 31 12:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: Connection closed by 202.133.90.219 port 36928 [preauth]
May 31 12:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16811]: pam_unix(cron:session): session closed for user root
May 31 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18107]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18106]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18104]: pam_unix(cron:session): session closed for user p13x
May 31 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18170]: Successful su for rubyman by root
May 31 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18170]: + ??? root:rubyman
May 31 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429360 of user rubyman.
May 31 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18170]: pam_unix(su:session): session closed for user rubyman
May 31 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429360.
May 31 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15610]: pam_unix(cron:session): session closed for user root
May 31 12:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18105]: pam_unix(cron:session): session closed for user samftp
May 31 12:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Invalid user t from 202.133.90.219
May 31 12:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: input_userauth_request: invalid user t [preauth]
May 31 12:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Failed password for invalid user t from 202.133.90.219 port 49694 ssh2
May 31 12:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Connection closed by 202.133.90.219 port 49694 [preauth]
May 31 12:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17204]: pam_unix(cron:session): session closed for user root
May 31 12:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: Invalid user testadmin from 160.191.54.171
May 31 12:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: input_userauth_request: invalid user testadmin [preauth]
May 31 12:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.54.171
May 31 12:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.120.216  user=root
May 31 12:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: Failed password for invalid user testadmin from 160.191.54.171 port 57462 ssh2
May 31 12:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: Received disconnect from 160.191.54.171 port 57462:11: Bye Bye [preauth]
May 31 12:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: Disconnected from 160.191.54.171 port 57462 [preauth]
May 31 12:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18558]: Failed password for root from 134.209.120.216 port 53938 ssh2
May 31 12:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18558]: Received disconnect from 134.209.120.216 port 53938:11: Bye Bye [preauth]
May 31 12:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18558]: Disconnected from 134.209.120.216 port 53938 [preauth]
May 31 12:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18605]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18606]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18608]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18607]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18608]: pam_unix(cron:session): session closed for user root
May 31 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18603]: pam_unix(cron:session): session closed for user p13x
May 31 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: Invalid user testadmin from 165.154.229.58
May 31 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: input_userauth_request: invalid user testadmin [preauth]
May 31 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.229.58
May 31 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18683]: Successful su for rubyman by root
May 31 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18683]: + ??? root:rubyman
May 31 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429369 of user rubyman.
May 31 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18683]: pam_unix(su:session): session closed for user rubyman
May 31 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429369.
May 31 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18605]: pam_unix(cron:session): session closed for user root
May 31 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: Failed password for invalid user testadmin from 165.154.229.58 port 34412 ssh2
May 31 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15992]: pam_unix(cron:session): session closed for user root
May 31 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: Received disconnect from 165.154.229.58 port 34412:11: Bye Bye [preauth]
May 31 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: Disconnected from 165.154.229.58 port 34412 [preauth]
May 31 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18604]: pam_unix(cron:session): session closed for user samftp
May 31 12:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: Invalid user tsukasa from 202.133.90.219
May 31 12:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: input_userauth_request: invalid user tsukasa [preauth]
May 31 12:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: Failed password for invalid user tsukasa from 202.133.90.219 port 38856 ssh2
May 31 12:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: Connection closed by 202.133.90.219 port 38856 [preauth]
May 31 12:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17608]: pam_unix(cron:session): session closed for user root
May 31 12:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.120.216  user=root
May 31 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19064]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19063]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19061]: pam_unix(cron:session): session closed for user p13x
May 31 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19224]: Successful su for rubyman by root
May 31 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19224]: + ??? root:rubyman
May 31 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429370 of user rubyman.
May 31 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19224]: pam_unix(su:session): session closed for user rubyman
May 31 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429370.
May 31 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: Failed password for root from 134.209.120.216 port 55372 ssh2
May 31 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: Received disconnect from 134.209.120.216 port 55372:11: Bye Bye [preauth]
May 31 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: Disconnected from 134.209.120.216 port 55372 [preauth]
May 31 12:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16387]: pam_unix(cron:session): session closed for user root
May 31 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19062]: pam_unix(cron:session): session closed for user samftp
May 31 12:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: Invalid user leandro from 213.209.159.56
May 31 12:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: input_userauth_request: invalid user leandro [preauth]
May 31 12:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 12:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.54.171  user=root
May 31 12:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: Failed password for invalid user leandro from 213.209.159.56 port 39585 ssh2
May 31 12:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
May 31 12:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19420]: Failed password for root from 160.191.54.171 port 58806 ssh2
May 31 12:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19420]: Received disconnect from 160.191.54.171 port 58806:11: Bye Bye [preauth]
May 31 12:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19420]: Disconnected from 160.191.54.171 port 58806 [preauth]
May 31 12:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: Failed password for invalid user leandro from 213.209.159.56 port 39585 ssh2
May 31 12:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: Failed password for root from 193.37.70.224 port 36982 ssh2
May 31 12:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: Connection closed by 193.37.70.224 port 36982 [preauth]
May 31 12:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: Failed password for invalid user leandro from 213.209.159.56 port 39585 ssh2
May 31 12:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: Failed password for invalid user leandro from 213.209.159.56 port 39585 ssh2
May 31 12:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: Failed password for invalid user leandro from 213.209.159.56 port 39585 ssh2
May 31 12:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: Received disconnect from 213.209.159.56 port 39585:11: Bye [preauth]
May 31 12:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: Disconnected from 213.209.159.56 port 39585 [preauth]
May 31 12:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 12:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 12:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
May 31 12:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19475]: Failed password for root from 77.94.47.83 port 51998 ssh2
May 31 12:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19475]: Connection closed by 77.94.47.83 port 51998 [preauth]
May 31 12:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18107]: pam_unix(cron:session): session closed for user root
May 31 12:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: Invalid user toidicho from 202.133.90.219
May 31 12:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: input_userauth_request: invalid user toidicho [preauth]
May 31 12:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: Failed password for invalid user toidicho from 202.133.90.219 port 45050 ssh2
May 31 12:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: Connection closed by 202.133.90.219 port 45050 [preauth]
May 31 12:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.229.58  user=root
May 31 12:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: Failed password for root from 165.154.229.58 port 40500 ssh2
May 31 12:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: Received disconnect from 165.154.229.58 port 40500:11: Bye Bye [preauth]
May 31 12:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: Disconnected from 165.154.229.58 port 40500 [preauth]
May 31 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19771]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19772]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19770]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19769]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19769]: pam_unix(cron:session): session closed for user p13x
May 31 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19837]: Successful su for rubyman by root
May 31 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19837]: + ??? root:rubyman
May 31 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19837]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429374 of user rubyman.
May 31 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19837]: pam_unix(su:session): session closed for user rubyman
May 31 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429374.
May 31 12:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16809]: pam_unix(cron:session): session closed for user root
May 31 12:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19770]: pam_unix(cron:session): session closed for user samftp
May 31 12:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: Invalid user daniel from 80.94.95.116
May 31 12:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: input_userauth_request: invalid user daniel [preauth]
May 31 12:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May 31 12:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: Failed password for invalid user daniel from 80.94.95.116 port 19716 ssh2
May 31 12:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: Connection closed by 80.94.95.116 port 19716 [preauth]
May 31 12:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
May 31 12:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: Failed password for root from 45.148.10.121 port 55020 ssh2
May 31 12:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.120.216  user=root
May 31 12:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: Connection closed by 45.148.10.121 port 55020 [preauth]
May 31 12:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20067]: Failed password for root from 134.209.120.216 port 49600 ssh2
May 31 12:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20067]: Received disconnect from 134.209.120.216 port 49600:11: Bye Bye [preauth]
May 31 12:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20067]: Disconnected from 134.209.120.216 port 49600 [preauth]
May 31 12:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18607]: pam_unix(cron:session): session closed for user root
May 31 12:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20128]: Invalid user test from 202.133.90.219
May 31 12:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20128]: input_userauth_request: invalid user test [preauth]
May 31 12:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20128]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.54.171  user=root
May 31 12:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20128]: Failed password for invalid user test from 202.133.90.219 port 37736 ssh2
May 31 12:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20128]: Connection closed by 202.133.90.219 port 37736 [preauth]
May 31 12:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20228]: Failed password for root from 160.191.54.171 port 60150 ssh2
May 31 12:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20228]: Received disconnect from 160.191.54.171 port 60150:11: Bye Bye [preauth]
May 31 12:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20228]: Disconnected from 160.191.54.171 port 60150 [preauth]
May 31 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20276]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20277]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20274]: pam_unix(cron:session): session closed for user p13x
May 31 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20345]: Successful su for rubyman by root
May 31 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20345]: + ??? root:rubyman
May 31 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429380 of user rubyman.
May 31 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20345]: pam_unix(su:session): session closed for user rubyman
May 31 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429380.
May 31 12:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17203]: pam_unix(cron:session): session closed for user root
May 31 12:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20523]: Did not receive identification string from 80.94.92.186
May 31 12:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20275]: pam_unix(cron:session): session closed for user samftp
May 31 12:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20592]: Invalid user lorenzo from 165.154.229.58
May 31 12:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20592]: input_userauth_request: invalid user lorenzo [preauth]
May 31 12:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20592]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.229.58
May 31 12:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20592]: Failed password for invalid user lorenzo from 165.154.229.58 port 49060 ssh2
May 31 12:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20592]: Received disconnect from 165.154.229.58 port 49060:11: Bye Bye [preauth]
May 31 12:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20592]: Disconnected from 165.154.229.58 port 49060 [preauth]
May 31 12:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19064]: pam_unix(cron:session): session closed for user root
May 31 12:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.120.216  user=root
May 31 12:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20663]: Failed password for root from 134.209.120.216 port 43012 ssh2
May 31 12:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20663]: Received disconnect from 134.209.120.216 port 43012:11: Bye Bye [preauth]
May 31 12:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20663]: Disconnected from 134.209.120.216 port 43012 [preauth]
May 31 12:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20710]: Invalid user test from 202.133.90.219
May 31 12:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20710]: input_userauth_request: invalid user test [preauth]
May 31 12:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20710]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20710]: Failed password for invalid user test from 202.133.90.219 port 41382 ssh2
May 31 12:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20710]: Connection closed by 202.133.90.219 port 41382 [preauth]
May 31 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20792]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20791]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20788]: pam_unix(cron:session): session closed for user p13x
May 31 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20851]: Successful su for rubyman by root
May 31 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20851]: + ??? root:rubyman
May 31 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429383 of user rubyman.
May 31 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20851]: pam_unix(su:session): session closed for user rubyman
May 31 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429383.
May 31 12:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17607]: pam_unix(cron:session): session closed for user root
May 31 12:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20789]: pam_unix(cron:session): session closed for user samftp
May 31 12:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.54.171  user=root
May 31 12:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: Failed password for root from 160.191.54.171 port 33276 ssh2
May 31 12:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: Received disconnect from 160.191.54.171 port 33276:11: Bye Bye [preauth]
May 31 12:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: Disconnected from 160.191.54.171 port 33276 [preauth]
May 31 12:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19772]: pam_unix(cron:session): session closed for user root
May 31 12:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21182]: Invalid user servidor from 202.133.90.219
May 31 12:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21182]: input_userauth_request: invalid user servidor [preauth]
May 31 12:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21182]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: Invalid user testadmin from 134.209.120.216
May 31 12:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: input_userauth_request: invalid user testadmin [preauth]
May 31 12:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.120.216
May 31 12:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21182]: Failed password for invalid user servidor from 202.133.90.219 port 48404 ssh2
May 31 12:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21182]: Connection closed by 202.133.90.219 port 48404 [preauth]
May 31 12:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: Failed password for invalid user testadmin from 134.209.120.216 port 37942 ssh2
May 31 12:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: Received disconnect from 134.209.120.216 port 37942:11: Bye Bye [preauth]
May 31 12:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: Disconnected from 134.209.120.216 port 37942 [preauth]
May 31 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21202]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21200]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21198]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21199]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21202]: pam_unix(cron:session): session closed for user root
May 31 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21196]: pam_unix(cron:session): session closed for user p13x
May 31 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21261]: Successful su for rubyman by root
May 31 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21261]: + ??? root:rubyman
May 31 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429388 of user rubyman.
May 31 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21261]: pam_unix(su:session): session closed for user rubyman
May 31 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429388.
May 31 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.229.58  user=root
May 31 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18106]: pam_unix(cron:session): session closed for user root
May 31 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21198]: pam_unix(cron:session): session closed for user root
May 31 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21275]: Failed password for root from 165.154.229.58 port 53400 ssh2
May 31 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21275]: Received disconnect from 165.154.229.58 port 53400:11: Bye Bye [preauth]
May 31 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21275]: Disconnected from 165.154.229.58 port 53400 [preauth]
May 31 12:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21197]: pam_unix(cron:session): session closed for user samftp
May 31 12:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20277]: pam_unix(cron:session): session closed for user root
May 31 12:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.54.171  user=root
May 31 12:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21619]: Failed password for root from 160.191.54.171 port 34620 ssh2
May 31 12:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21619]: Received disconnect from 160.191.54.171 port 34620:11: Bye Bye [preauth]
May 31 12:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21619]: Disconnected from 160.191.54.171 port 34620 [preauth]
May 31 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21644]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21643]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21641]: pam_unix(cron:session): session closed for user p13x
May 31 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21719]: Successful su for rubyman by root
May 31 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21719]: + ??? root:rubyman
May 31 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429392 of user rubyman.
May 31 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21719]: pam_unix(su:session): session closed for user rubyman
May 31 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429392.
May 31 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18606]: pam_unix(cron:session): session closed for user root
May 31 12:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21642]: pam_unix(cron:session): session closed for user samftp
May 31 12:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: Invalid user ryan from 202.133.90.219
May 31 12:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: input_userauth_request: invalid user ryan [preauth]
May 31 12:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 12:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: Failed password for invalid user ryan from 202.133.90.219 port 47336 ssh2
May 31 12:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: Connection closed by 202.133.90.219 port 47336 [preauth]
May 31 12:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20792]: pam_unix(cron:session): session closed for user root
May 31 12:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.229.58  user=root
May 31 12:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22007]: Failed password for root from 165.154.229.58 port 57982 ssh2
May 31 12:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22007]: Received disconnect from 165.154.229.58 port 57982:11: Bye Bye [preauth]
May 31 12:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22007]: Disconnected from 165.154.229.58 port 57982 [preauth]
May 31 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22055]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22056]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22057]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22054]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22054]: pam_unix(cron:session): session closed for user p13x
May 31 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22115]: Successful su for rubyman by root
May 31 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22115]: + ??? root:rubyman
May 31 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429398 of user rubyman.
May 31 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22115]: pam_unix(su:session): session closed for user rubyman
May 31 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429398.
May 31 12:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19063]: pam_unix(cron:session): session closed for user root
May 31 12:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22055]: pam_unix(cron:session): session closed for user samftp
May 31 12:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
May 31 12:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: Failed password for root from 103.77.175.15 port 40350 ssh2
May 31 12:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: Connection closed by 103.77.175.15 port 40350 [preauth]
May 31 12:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
May 31 12:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22307]: Failed password for root from 103.176.20.57 port 33830 ssh2
May 31 12:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22307]: Connection closed by 103.176.20.57 port 33830 [preauth]
May 31 12:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 12:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: Failed password for root from 202.133.90.219 port 55988 ssh2
May 31 12:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: Connection closed by 202.133.90.219 port 55988 [preauth]
May 31 12:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.54.171  user=root
May 31 12:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22351]: Failed password for root from 160.191.54.171 port 35972 ssh2
May 31 12:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22351]: Received disconnect from 160.191.54.171 port 35972:11: Bye Bye [preauth]
May 31 12:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22351]: Disconnected from 160.191.54.171 port 35972 [preauth]
May 31 12:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21200]: pam_unix(cron:session): session closed for user root
May 31 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22459]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22458]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22456]: pam_unix(cron:session): session closed for user p13x
May 31 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22517]: Successful su for rubyman by root
May 31 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22517]: + ??? root:rubyman
May 31 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429400 of user rubyman.
May 31 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22517]: pam_unix(su:session): session closed for user rubyman
May 31 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429400.
May 31 12:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19771]: pam_unix(cron:session): session closed for user root
May 31 12:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22457]: pam_unix(cron:session): session closed for user samftp
May 31 12:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 12:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22730]: Failed password for root from 202.133.90.219 port 34668 ssh2
May 31 12:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22730]: Connection closed by 202.133.90.219 port 34668 [preauth]
May 31 12:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.229.58  user=root
May 31 12:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: Failed password for root from 165.154.229.58 port 35530 ssh2
May 31 12:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: Received disconnect from 165.154.229.58 port 35530:11: Bye Bye [preauth]
May 31 12:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: Disconnected from 165.154.229.58 port 35530 [preauth]
May 31 12:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21644]: pam_unix(cron:session): session closed for user root
May 31 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22847]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22848]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22845]: pam_unix(cron:session): session closed for user p13x
May 31 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22911]: Successful su for rubyman by root
May 31 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22911]: + ??? root:rubyman
May 31 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429404 of user rubyman.
May 31 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22911]: pam_unix(su:session): session closed for user rubyman
May 31 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429404.
May 31 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20276]: pam_unix(cron:session): session closed for user root
May 31 12:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22846]: pam_unix(cron:session): session closed for user samftp
May 31 12:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 12:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Failed password for root from 202.133.90.219 port 35088 ssh2
May 31 12:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Connection closed by 202.133.90.219 port 35088 [preauth]
May 31 12:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22057]: pam_unix(cron:session): session closed for user root
May 31 12:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 12:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23220]: Invalid user sol from 80.94.92.186
May 31 12:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23220]: input_userauth_request: invalid user sol [preauth]
May 31 12:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23220]: pam_unix(sshd:auth): check pass; user unknown
May 31 12:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 13:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23220]: Failed password for invalid user sol from 80.94.92.186 port 43648 ssh2
May 31 13:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23220]: Connection closed by 80.94.92.186 port 43648 [preauth]
May 31 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23239]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23236]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23237]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23235]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23238]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23233]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23234]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23239]: pam_unix(cron:session): session closed for user root
May 31 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23235]: pam_unix(cron:session): session closed for user root
May 31 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23233]: pam_unix(cron:session): session closed for user p13x
May 31 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23333]: Successful su for rubyman by root
May 31 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23333]: + ??? root:rubyman
May 31 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23333]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429413 of user rubyman.
May 31 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23333]: pam_unix(su:session): session closed for user rubyman
May 31 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429413.
May 31 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23236]: pam_unix(cron:session): session closed for user root
May 31 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20791]: pam_unix(cron:session): session closed for user root
May 31 13:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
May 31 13:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23234]: pam_unix(cron:session): session closed for user samftp
May 31 13:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23491]: Failed password for root from 103.122.221.179 port 46370 ssh2
May 31 13:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23491]: Connection closed by 103.122.221.179 port 46370 [preauth]
May 31 13:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23610]: Failed password for root from 202.133.90.219 port 35088 ssh2
May 31 13:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23610]: Connection closed by 202.133.90.219 port 35088 [preauth]
May 31 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22459]: pam_unix(cron:session): session closed for user root
May 31 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23756]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23755]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23752]: pam_unix(cron:session): session closed for user p13x
May 31 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23917]: Successful su for rubyman by root
May 31 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23917]: + ??? root:rubyman
May 31 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429416 of user rubyman.
May 31 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23917]: pam_unix(su:session): session closed for user rubyman
May 31 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429416.
May 31 13:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21199]: pam_unix(cron:session): session closed for user root
May 31 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23754]: pam_unix(cron:session): session closed for user samftp
May 31 13:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22848]: pam_unix(cron:session): session closed for user root
May 31 13:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24173]: Failed password for root from 202.133.90.219 port 52856 ssh2
May 31 13:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24173]: Connection closed by 202.133.90.219 port 52856 [preauth]
May 31 13:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
May 31 13:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24259]: Failed password for root from 109.237.96.109 port 50728 ssh2
May 31 13:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24259]: Connection closed by 109.237.96.109 port 50728 [preauth]
May 31 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24287]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24288]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24285]: pam_unix(cron:session): session closed for user p13x
May 31 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24352]: Successful su for rubyman by root
May 31 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24352]: + ??? root:rubyman
May 31 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429420 of user rubyman.
May 31 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24352]: pam_unix(su:session): session closed for user rubyman
May 31 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429420.
May 31 13:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21643]: pam_unix(cron:session): session closed for user root
May 31 13:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24286]: pam_unix(cron:session): session closed for user samftp
May 31 13:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.197.250  user=root
May 31 13:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Failed password for root from 147.45.197.250 port 50592 ssh2
May 31 13:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23238]: pam_unix(cron:session): session closed for user root
May 31 13:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Connection closed by 147.45.197.250 port 50592 [preauth]
May 31 13:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: Failed password for root from 202.133.90.219 port 57526 ssh2
May 31 13:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: Connection closed by 202.133.90.219 port 57526 [preauth]
May 31 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24717]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24716]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24713]: pam_unix(cron:session): session closed for user p13x
May 31 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24779]: Successful su for rubyman by root
May 31 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24779]: + ??? root:rubyman
May 31 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429424 of user rubyman.
May 31 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24779]: pam_unix(su:session): session closed for user rubyman
May 31 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429424.
May 31 13:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22056]: pam_unix(cron:session): session closed for user root
May 31 13:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24714]: pam_unix(cron:session): session closed for user samftp
May 31 13:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23756]: pam_unix(cron:session): session closed for user root
May 31 13:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25065]: Failed password for root from 202.133.90.219 port 37040 ssh2
May 31 13:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25065]: Connection closed by 202.133.90.219 port 37040 [preauth]
May 31 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25112]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25111]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25109]: pam_unix(cron:session): session closed for user p13x
May 31 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25172]: Successful su for rubyman by root
May 31 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25172]: + ??? root:rubyman
May 31 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25172]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429427 of user rubyman.
May 31 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25172]: pam_unix(su:session): session closed for user rubyman
May 31 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429427.
May 31 13:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22458]: pam_unix(cron:session): session closed for user root
May 31 13:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25110]: pam_unix(cron:session): session closed for user samftp
May 31 13:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25387]: Invalid user solana from 80.94.92.186
May 31 13:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25387]: input_userauth_request: invalid user solana [preauth]
May 31 13:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25387]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 13:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25387]: Failed password for invalid user solana from 80.94.92.186 port 46316 ssh2
May 31 13:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25387]: Connection closed by 80.94.92.186 port 46316 [preauth]
May 31 13:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24288]: pam_unix(cron:session): session closed for user root
May 31 13:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25478]: Failed password for root from 202.133.90.219 port 51978 ssh2
May 31 13:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25478]: Connection closed by 202.133.90.219 port 51978 [preauth]
May 31 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25513]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25512]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25515]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25516]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25516]: pam_unix(cron:session): session closed for user root
May 31 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25510]: pam_unix(cron:session): session closed for user p13x
May 31 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25581]: Successful su for rubyman by root
May 31 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25581]: + ??? root:rubyman
May 31 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429431 of user rubyman.
May 31 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25581]: pam_unix(su:session): session closed for user rubyman
May 31 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429431.
May 31 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25512]: pam_unix(cron:session): session closed for user root
May 31 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22847]: pam_unix(cron:session): session closed for user root
May 31 13:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25511]: pam_unix(cron:session): session closed for user samftp
May 31 13:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
May 31 13:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: Failed password for root from 147.45.199.80 port 32936 ssh2
May 31 13:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: Connection closed by 147.45.199.80 port 32936 [preauth]
May 31 13:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24717]: pam_unix(cron:session): session closed for user root
May 31 13:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25931]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25932]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25930]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25929]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25929]: pam_unix(cron:session): session closed for user p13x
May 31 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25995]: Successful su for rubyman by root
May 31 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25995]: + ??? root:rubyman
May 31 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429438 of user rubyman.
May 31 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25995]: pam_unix(su:session): session closed for user rubyman
May 31 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429438.
May 31 13:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: Failed password for root from 202.133.90.219 port 52956 ssh2
May 31 13:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: Connection closed by 202.133.90.219 port 52956 [preauth]
May 31 13:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23237]: pam_unix(cron:session): session closed for user root
May 31 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25930]: pam_unix(cron:session): session closed for user samftp
May 31 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25112]: pam_unix(cron:session): session closed for user root
May 31 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26332]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26331]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26329]: pam_unix(cron:session): session closed for user p13x
May 31 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26394]: Successful su for rubyman by root
May 31 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26394]: + ??? root:rubyman
May 31 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429441 of user rubyman.
May 31 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26394]: pam_unix(su:session): session closed for user rubyman
May 31 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429441.
May 31 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23755]: pam_unix(cron:session): session closed for user root
May 31 13:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26330]: pam_unix(cron:session): session closed for user samftp
May 31 13:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: Failed password for root from 202.133.90.219 port 56372 ssh2
May 31 13:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: Connection closed by 202.133.90.219 port 56372 [preauth]
May 31 13:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.170.125  user=root
May 31 13:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: Failed password for root from 103.149.170.125 port 53920 ssh2
May 31 13:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: Connection closed by 103.149.170.125 port 53920 [preauth]
May 31 13:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: Invalid user patellula from 173.254.234.162
May 31 13:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: input_userauth_request: invalid user patellula [preauth]
May 31 13:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 13:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: Failed password for invalid user patellula from 173.254.234.162 port 57772 ssh2
May 31 13:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: Connection closed by 173.254.234.162 port 57772 [preauth]
May 31 13:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
May 31 13:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: Failed password for root from 51.250.105.222 port 58114 ssh2
May 31 13:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: Connection closed by 51.250.105.222 port 58114 [preauth]
May 31 13:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25515]: pam_unix(cron:session): session closed for user root
May 31 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26817]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26819]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26815]: pam_unix(cron:session): session closed for user p13x
May 31 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26873]: Successful su for rubyman by root
May 31 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26873]: + ??? root:rubyman
May 31 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429445 of user rubyman.
May 31 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26873]: pam_unix(su:session): session closed for user rubyman
May 31 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429445.
May 31 13:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24287]: pam_unix(cron:session): session closed for user root
May 31 13:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26816]: pam_unix(cron:session): session closed for user samftp
May 31 13:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27065]: Failed password for root from 202.133.90.219 port 55716 ssh2
May 31 13:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27065]: Connection closed by 202.133.90.219 port 55716 [preauth]
May 31 13:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: Invalid user sol from 80.94.92.186
May 31 13:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: input_userauth_request: invalid user sol [preauth]
May 31 13:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25932]: pam_unix(cron:session): session closed for user root
May 31 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: Failed password for invalid user sol from 80.94.92.186 port 48976 ssh2
May 31 13:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: Connection closed by 80.94.92.186 port 48976 [preauth]
May 31 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27219]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27218]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27212]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27214]: pam_unix(cron:session): session closed for user p13x
May 31 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27345]: Successful su for rubyman by root
May 31 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27345]: + ??? root:rubyman
May 31 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429449 of user rubyman.
May 31 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27345]: pam_unix(su:session): session closed for user rubyman
May 31 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429449.
May 31 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27212]: pam_unix(cron:session): session closed for user root
May 31 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24716]: pam_unix(cron:session): session closed for user root
May 31 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27215]: pam_unix(cron:session): session closed for user samftp
May 31 13:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27604]: Failed password for root from 202.133.90.219 port 36616 ssh2
May 31 13:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27604]: Connection closed by 202.133.90.219 port 36616 [preauth]
May 31 13:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26332]: pam_unix(cron:session): session closed for user root
May 31 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27728]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27729]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27725]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27730]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27730]: pam_unix(cron:session): session closed for user root
May 31 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27723]: pam_unix(cron:session): session closed for user p13x
May 31 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27801]: Successful su for rubyman by root
May 31 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27801]: + ??? root:rubyman
May 31 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27801]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429455 of user rubyman.
May 31 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27801]: pam_unix(su:session): session closed for user rubyman
May 31 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429455.
May 31 13:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27725]: pam_unix(cron:session): session closed for user root
May 31 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25111]: pam_unix(cron:session): session closed for user root
May 31 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162  user=root
May 31 13:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27724]: pam_unix(cron:session): session closed for user samftp
May 31 13:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27997]: Failed password for root from 173.254.234.162 port 40128 ssh2
May 31 13:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27997]: Connection closed by 173.254.234.162 port 40128 [preauth]
May 31 13:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: Failed password for root from 202.133.90.219 port 49334 ssh2
May 31 13:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: Connection closed by 202.133.90.219 port 49334 [preauth]
May 31 13:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26819]: pam_unix(cron:session): session closed for user root
May 31 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28233]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28232]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28230]: pam_unix(cron:session): session closed for user p13x
May 31 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28296]: Successful su for rubyman by root
May 31 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28296]: + ??? root:rubyman
May 31 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429461 of user rubyman.
May 31 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28296]: pam_unix(su:session): session closed for user rubyman
May 31 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429461.
May 31 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25513]: pam_unix(cron:session): session closed for user root
May 31 13:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28231]: pam_unix(cron:session): session closed for user samftp
May 31 13:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27219]: pam_unix(cron:session): session closed for user root
May 31 13:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28540]: Failed password for root from 202.133.90.219 port 44898 ssh2
May 31 13:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28540]: Connection closed by 202.133.90.219 port 44898 [preauth]
May 31 13:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May 31 13:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
May 31 13:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28705]: Failed password for root from 80.94.95.115 port 45208 ssh2
May 31 13:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28705]: Connection closed by 80.94.95.115 port 45208 [preauth]
May 31 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28722]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28721]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28720]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28719]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: Failed password for root from 103.15.222.183 port 43858 ssh2
May 31 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28719]: pam_unix(cron:session): session closed for user p13x
May 31 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: Connection closed by 103.15.222.183 port 43858 [preauth]
May 31 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28786]: Successful su for rubyman by root
May 31 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28786]: + ??? root:rubyman
May 31 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28786]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429464 of user rubyman.
May 31 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28786]: pam_unix(su:session): session closed for user rubyman
May 31 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429464.
May 31 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25931]: pam_unix(cron:session): session closed for user root
May 31 13:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28720]: pam_unix(cron:session): session closed for user samftp
May 31 13:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: Invalid user sol from 80.94.92.186
May 31 13:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: input_userauth_request: invalid user sol [preauth]
May 31 13:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 13:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.98.239  user=root
May 31 13:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: Failed password for invalid user sol from 80.94.92.186 port 51636 ssh2
May 31 13:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29008]: Failed password for root from 94.159.98.239 port 38764 ssh2
May 31 13:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29008]: Connection closed by 94.159.98.239 port 38764 [preauth]
May 31 13:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: Connection closed by 80.94.92.186 port 51636 [preauth]
May 31 13:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27729]: pam_unix(cron:session): session closed for user root
May 31 13:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29069]: Failed password for root from 202.133.90.219 port 43280 ssh2
May 31 13:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29069]: Connection closed by 202.133.90.219 port 43280 [preauth]
May 31 13:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29103]: Received disconnect from 176.65.131.192 port 27974:11: disconnected by user [preauth]
May 31 13:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29103]: Disconnected from 176.65.131.192 port 27974 [preauth]
May 31 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29136]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29137]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29134]: pam_unix(cron:session): session closed for user p13x
May 31 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29198]: Successful su for rubyman by root
May 31 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29198]: + ??? root:rubyman
May 31 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429468 of user rubyman.
May 31 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29198]: pam_unix(su:session): session closed for user rubyman
May 31 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429468.
May 31 13:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26331]: pam_unix(cron:session): session closed for user root
May 31 13:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29135]: pam_unix(cron:session): session closed for user samftp
May 31 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28233]: pam_unix(cron:session): session closed for user root
May 31 13:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29497]: Failed password for root from 202.133.90.219 port 55500 ssh2
May 31 13:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29497]: Connection closed by 202.133.90.219 port 55500 [preauth]
May 31 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29636]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29638]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session closed for user p13x
May 31 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29702]: Successful su for rubyman by root
May 31 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29702]: + ??? root:rubyman
May 31 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429472 of user rubyman.
May 31 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29702]: pam_unix(su:session): session closed for user rubyman
May 31 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429472.
May 31 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26817]: pam_unix(cron:session): session closed for user root
May 31 13:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29635]: pam_unix(cron:session): session closed for user samftp
May 31 13:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28722]: pam_unix(cron:session): session closed for user root
May 31 13:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
May 31 13:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: Failed password for root from 176.32.39.21 port 43234 ssh2
May 31 13:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: Connection closed by 176.32.39.21 port 43234 [preauth]
May 31 13:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: Failed password for root from 202.133.90.219 port 58966 ssh2
May 31 13:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: Connection closed by 202.133.90.219 port 58966 [preauth]
May 31 13:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
May 31 13:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30065]: Failed password for root from 103.172.78.219 port 39200 ssh2
May 31 13:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30065]: Connection closed by 103.172.78.219 port 39200 [preauth]
May 31 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30079]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30080]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30084]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30082]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30077]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30078]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30084]: pam_unix(cron:session): session closed for user root
May 31 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30077]: pam_unix(cron:session): session closed for user p13x
May 31 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30170]: Successful su for rubyman by root
May 31 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30170]: + ??? root:rubyman
May 31 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429479 of user rubyman.
May 31 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30170]: pam_unix(su:session): session closed for user rubyman
May 31 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429479.
May 31 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30079]: pam_unix(cron:session): session closed for user root
May 31 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27218]: pam_unix(cron:session): session closed for user root
May 31 13:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30078]: pam_unix(cron:session): session closed for user samftp
May 31 13:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29137]: pam_unix(cron:session): session closed for user root
May 31 13:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30536]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30535]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30532]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30532]: pam_unix(cron:session): session closed for user p13x
May 31 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30613]: Successful su for rubyman by root
May 31 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30613]: + ??? root:rubyman
May 31 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429482 of user rubyman.
May 31 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30613]: pam_unix(su:session): session closed for user rubyman
May 31 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429482.
May 31 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30519]: Failed password for root from 202.133.90.219 port 38612 ssh2
May 31 13:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27728]: pam_unix(cron:session): session closed for user root
May 31 13:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30533]: pam_unix(cron:session): session closed for user samftp
May 31 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30519]: Connection closed by 202.133.90.219 port 38612 [preauth]
May 31 13:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: Invalid user solv from 80.94.92.186
May 31 13:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: input_userauth_request: invalid user solv [preauth]
May 31 13:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 13:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: Failed password for invalid user solv from 80.94.92.186 port 54296 ssh2
May 31 13:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: Connection closed by 80.94.92.186 port 54296 [preauth]
May 31 13:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: Did not receive identification string from 147.185.132.177
May 31 13:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29638]: pam_unix(cron:session): session closed for user root
May 31 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31048]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31049]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31042]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31042]: pam_unix(cron:session): session closed for user root
May 31 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31045]: pam_unix(cron:session): session closed for user p13x
May 31 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31111]: Successful su for rubyman by root
May 31 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31111]: + ??? root:rubyman
May 31 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31111]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429486 of user rubyman.
May 31 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31111]: pam_unix(su:session): session closed for user rubyman
May 31 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429486.
May 31 13:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28232]: pam_unix(cron:session): session closed for user root
May 31 13:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31046]: pam_unix(cron:session): session closed for user samftp
May 31 13:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31292]: Did not receive identification string from 103.203.57.11
May 31 13:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: Failed password for root from 202.133.90.219 port 59912 ssh2
May 31 13:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: Connection closed by 202.133.90.219 port 59912 [preauth]
May 31 13:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30082]: pam_unix(cron:session): session closed for user root
May 31 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31450]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31449]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31447]: pam_unix(cron:session): session closed for user p13x
May 31 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31514]: Successful su for rubyman by root
May 31 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31514]: + ??? root:rubyman
May 31 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429492 of user rubyman.
May 31 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31514]: pam_unix(su:session): session closed for user rubyman
May 31 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429492.
May 31 13:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28721]: pam_unix(cron:session): session closed for user root
May 31 13:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31448]: pam_unix(cron:session): session closed for user samftp
May 31 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: Invalid user user from 2.57.121.25
May 31 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: input_userauth_request: invalid user user [preauth]
May 31 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 13:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: Failed password for invalid user user from 2.57.121.25 port 5343 ssh2
May 31 13:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: Failed password for invalid user user from 2.57.121.25 port 5343 ssh2
May 31 13:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: Failed password for invalid user user from 2.57.121.25 port 5343 ssh2
May 31 13:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: Failed password for invalid user user from 2.57.121.25 port 5343 ssh2
May 31 13:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: Failed password for invalid user user from 2.57.121.25 port 5343 ssh2
May 31 13:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: Received disconnect from 2.57.121.25 port 5343:11: Bye [preauth]
May 31 13:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: Disconnected from 2.57.121.25 port 5343 [preauth]
May 31 13:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 13:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 13:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31825]: Failed password for root from 202.133.90.219 port 44148 ssh2
May 31 13:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31825]: Connection closed by 202.133.90.219 port 44148 [preauth]
May 31 13:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30536]: pam_unix(cron:session): session closed for user root
May 31 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31959]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31960]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31957]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31958]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31957]: pam_unix(cron:session): session closed for user p13x
May 31 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32027]: Successful su for rubyman by root
May 31 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32027]: + ??? root:rubyman
May 31 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429496 of user rubyman.
May 31 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32027]: pam_unix(su:session): session closed for user rubyman
May 31 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429496.
May 31 13:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29136]: pam_unix(cron:session): session closed for user root
May 31 13:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31958]: pam_unix(cron:session): session closed for user samftp
May 31 13:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: Failed password for root from 202.133.90.219 port 41254 ssh2
May 31 13:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: Connection closed by 202.133.90.219 port 41254 [preauth]
May 31 13:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31049]: pam_unix(cron:session): session closed for user root
May 31 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32360]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32362]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32359]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32361]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32362]: pam_unix(cron:session): session closed for user root
May 31 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32357]: pam_unix(cron:session): session closed for user p13x
May 31 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32432]: Successful su for rubyman by root
May 31 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32432]: + ??? root:rubyman
May 31 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429504 of user rubyman.
May 31 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32432]: pam_unix(su:session): session closed for user rubyman
May 31 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429504.
May 31 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: Invalid user solv from 80.94.92.186
May 31 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: input_userauth_request: invalid user solv [preauth]
May 31 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29636]: pam_unix(cron:session): session closed for user root
May 31 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32359]: pam_unix(cron:session): session closed for user root
May 31 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32358]: pam_unix(cron:session): session closed for user samftp
May 31 13:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: Failed password for invalid user solv from 80.94.92.186 port 56962 ssh2
May 31 13:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: Connection closed by 80.94.92.186 port 56962 [preauth]
May 31 13:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Invalid user admin from 2.57.121.112
May 31 13:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: input_userauth_request: invalid user admin [preauth]
May 31 13:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 13:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Failed password for invalid user admin from 2.57.121.112 port 19154 ssh2
May 31 13:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Failed password for invalid user admin from 2.57.121.112 port 19154 ssh2
May 31 13:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Failed password for invalid user admin from 2.57.121.112 port 19154 ssh2
May 31 13:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Failed password for invalid user admin from 2.57.121.112 port 19154 ssh2
May 31 13:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Failed password for invalid user admin from 2.57.121.112 port 19154 ssh2
May 31 13:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Received disconnect from 2.57.121.112 port 19154:11: Bye [preauth]
May 31 13:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Disconnected from 2.57.121.112 port 19154 [preauth]
May 31 13:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 13:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 13:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31450]: pam_unix(cron:session): session closed for user root
May 31 13:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: Failed password for root from 202.133.90.219 port 59960 ssh2
May 31 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: Connection closed by 202.133.90.219 port 59960 [preauth]
May 31 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[354]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[355]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[351]: pam_unix(cron:session): session closed for user p13x
May 31 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[438]: Successful su for rubyman by root
May 31 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[438]: + ??? root:rubyman
May 31 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[438]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429506 of user rubyman.
May 31 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[438]: pam_unix(su:session): session closed for user rubyman
May 31 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429506.
May 31 13:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30080]: pam_unix(cron:session): session closed for user root
May 31 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[353]: pam_unix(cron:session): session closed for user samftp
May 31 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31960]: pam_unix(cron:session): session closed for user root
May 31 13:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: Received disconnect from 213.199.52.47 port 58454:11: disconnected by user [preauth]
May 31 13:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: Disconnected from 213.199.52.47 port 58454 [preauth]
May 31 13:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.22.41  user=root
May 31 13:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: Failed password for root from 185.236.22.41 port 53660 ssh2
May 31 13:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: Connection closed by 185.236.22.41 port 53660 [preauth]
May 31 13:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: Failed password for root from 202.133.90.219 port 43430 ssh2
May 31 13:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: Connection closed by 202.133.90.219 port 43430 [preauth]
May 31 13:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[893]: Invalid user Administrator from 80.94.95.115
May 31 13:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[893]: input_userauth_request: invalid user Administrator [preauth]
May 31 13:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[893]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May 31 13:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[893]: Failed password for invalid user Administrator from 80.94.95.115 port 44452 ssh2
May 31 13:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[893]: Connection closed by 80.94.95.115 port 44452 [preauth]
May 31 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[928]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[927]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[924]: pam_unix(cron:session): session closed for user p13x
May 31 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[991]: Successful su for rubyman by root
May 31 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[991]: + ??? root:rubyman
May 31 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429509 of user rubyman.
May 31 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[991]: pam_unix(su:session): session closed for user rubyman
May 31 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429509.
May 31 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30535]: pam_unix(cron:session): session closed for user root
May 31 13:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[925]: pam_unix(cron:session): session closed for user samftp
May 31 13:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.228.128.84  user=root
May 31 13:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: Failed password for root from 193.228.128.84 port 46390 ssh2
May 31 13:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: Connection closed by 193.228.128.84 port 46390 [preauth]
May 31 13:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
May 31 13:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1243]: Failed password for root from 103.77.242.62 port 33496 ssh2
May 31 13:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1243]: Connection closed by 103.77.242.62 port 33496 [preauth]
May 31 13:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32361]: pam_unix(cron:session): session closed for user root
May 31 13:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: Failed password for root from 202.133.90.219 port 44050 ssh2
May 31 13:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: Connection closed by 202.133.90.219 port 44050 [preauth]
May 31 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1387]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1388]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1385]: pam_unix(cron:session): session closed for user p13x
May 31 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1480]: Successful su for rubyman by root
May 31 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1480]: + ??? root:rubyman
May 31 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429513 of user rubyman.
May 31 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1480]: pam_unix(su:session): session closed for user rubyman
May 31 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429513.
May 31 13:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31048]: pam_unix(cron:session): session closed for user root
May 31 13:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1386]: pam_unix(cron:session): session closed for user samftp
May 31 13:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[355]: pam_unix(cron:session): session closed for user root
May 31 13:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 13:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: Failed password for root from 38.93.206.2 port 10410 ssh2
May 31 13:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: Connection closed by 38.93.206.2 port 10410 [preauth]
May 31 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1944]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1943]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1935]: pam_unix(cron:session): session closed for user p13x
May 31 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2027]: Successful su for rubyman by root
May 31 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2027]: + ??? root:rubyman
May 31 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429518 of user rubyman.
May 31 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2027]: pam_unix(su:session): session closed for user rubyman
May 31 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429518.
May 31 13:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31449]: pam_unix(cron:session): session closed for user root
May 31 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: Invalid user ubuntu from 80.94.92.186
May 31 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: input_userauth_request: invalid user ubuntu [preauth]
May 31 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1942]: pam_unix(cron:session): session closed for user samftp
May 31 13:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: Failed password for invalid user ubuntu from 80.94.92.186 port 59656 ssh2
May 31 13:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2026]: Failed password for root from 202.133.90.219 port 34194 ssh2
May 31 13:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: Connection closed by 80.94.92.186 port 59656 [preauth]
May 31 13:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2026]: Connection closed by 202.133.90.219 port 34194 [preauth]
May 31 13:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.173.227.57  user=root
May 31 13:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2305]: Failed password for root from 103.173.227.57 port 46492 ssh2
May 31 13:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2305]: Connection closed by 103.173.227.57 port 46492 [preauth]
May 31 13:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[928]: pam_unix(cron:session): session closed for user root
May 31 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2413]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2412]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2411]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2410]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2413]: pam_unix(cron:session): session closed for user root
May 31 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2408]: pam_unix(cron:session): session closed for user p13x
May 31 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2481]: Successful su for rubyman by root
May 31 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2481]: + ??? root:rubyman
May 31 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429522 of user rubyman.
May 31 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2481]: pam_unix(su:session): session closed for user rubyman
May 31 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429522.
May 31 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2410]: pam_unix(cron:session): session closed for user root
May 31 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31959]: pam_unix(cron:session): session closed for user root
May 31 13:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2409]: pam_unix(cron:session): session closed for user samftp
May 31 13:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: Failed password for root from 202.133.90.219 port 58398 ssh2
May 31 13:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: Connection closed by 202.133.90.219 port 58398 [preauth]
May 31 13:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1388]: pam_unix(cron:session): session closed for user root
May 31 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2866]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2865]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2863]: pam_unix(cron:session): session closed for user p13x
May 31 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2929]: Successful su for rubyman by root
May 31 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2929]: + ??? root:rubyman
May 31 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429528 of user rubyman.
May 31 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2929]: pam_unix(su:session): session closed for user rubyman
May 31 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429528.
May 31 13:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32360]: pam_unix(cron:session): session closed for user root
May 31 13:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2864]: pam_unix(cron:session): session closed for user samftp
May 31 13:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.82.76.2  user=root
May 31 13:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: Invalid user user from 45.148.10.121
May 31 13:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: input_userauth_request: invalid user user [preauth]
May 31 13:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
May 31 13:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: Failed password for root from 170.82.76.2 port 42991 ssh2
May 31 13:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: Connection closed by 170.82.76.2 port 42991 [preauth]
May 31 13:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: Failed password for invalid user user from 45.148.10.121 port 54926 ssh2
May 31 13:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: Connection closed by 45.148.10.121 port 54926 [preauth]
May 31 13:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: Failed password for root from 202.133.90.219 port 46088 ssh2
May 31 13:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: Connection closed by 202.133.90.219 port 46088 [preauth]
May 31 13:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1944]: pam_unix(cron:session): session closed for user root
May 31 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3277]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3276]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3274]: pam_unix(cron:session): session closed for user p13x
May 31 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3331]: Successful su for rubyman by root
May 31 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3331]: + ??? root:rubyman
May 31 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429531 of user rubyman.
May 31 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3331]: pam_unix(su:session): session closed for user rubyman
May 31 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429531.
May 31 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[354]: pam_unix(cron:session): session closed for user root
May 31 13:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3275]: pam_unix(cron:session): session closed for user samftp
May 31 13:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2412]: pam_unix(cron:session): session closed for user root
May 31 13:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: Failed password for root from 202.133.90.219 port 37038 ssh2
May 31 13:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: Connection closed by 202.133.90.219 port 37038 [preauth]
May 31 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3665]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3666]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3663]: pam_unix(cron:session): session closed for user p13x
May 31 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3818]: Successful su for rubyman by root
May 31 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3818]: + ??? root:rubyman
May 31 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3818]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429536 of user rubyman.
May 31 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3818]: pam_unix(su:session): session closed for user rubyman
May 31 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429536.
May 31 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[927]: pam_unix(cron:session): session closed for user root
May 31 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3664]: pam_unix(cron:session): session closed for user samftp
May 31 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: Invalid user ubuntu from 80.94.92.186
May 31 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: input_userauth_request: invalid user ubuntu [preauth]
May 31 13:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 13:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: Failed password for invalid user ubuntu from 80.94.92.186 port 34094 ssh2
May 31 13:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: Connection closed by 80.94.92.186 port 34094 [preauth]
May 31 13:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
May 31 13:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: Failed password for root from 87.251.79.125 port 48994 ssh2
May 31 13:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: Connection closed by 87.251.79.125 port 48994 [preauth]
May 31 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2866]: pam_unix(cron:session): session closed for user root
May 31 13:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: Failed password for root from 202.133.90.219 port 37218 ssh2
May 31 13:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: Connection closed by 202.133.90.219 port 37218 [preauth]
May 31 13:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
May 31 13:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4247]: Failed password for root from 194.113.233.25 port 35408 ssh2
May 31 13:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4247]: Connection closed by 194.113.233.25 port 35408 [preauth]
May 31 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4261]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4262]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4259]: pam_unix(cron:session): session closed for user p13x
May 31 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4336]: Successful su for rubyman by root
May 31 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4336]: + ??? root:rubyman
May 31 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4336]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429539 of user rubyman.
May 31 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4336]: pam_unix(su:session): session closed for user rubyman
May 31 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429539.
May 31 13:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1387]: pam_unix(cron:session): session closed for user root
May 31 13:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4260]: pam_unix(cron:session): session closed for user samftp
May 31 13:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
May 31 13:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4494]: Failed password for root from 37.233.85.71 port 59088 ssh2
May 31 13:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4494]: Connection closed by 37.233.85.71 port 59088 [preauth]
May 31 13:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3277]: pam_unix(cron:session): session closed for user root
May 31 13:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Failed password for root from 202.133.90.219 port 33320 ssh2
May 31 13:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Connection closed by 202.133.90.219 port 33320 [preauth]
May 31 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4670]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4672]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4671]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4673]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4673]: pam_unix(cron:session): session closed for user root
May 31 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4668]: pam_unix(cron:session): session closed for user p13x
May 31 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4737]: Successful su for rubyman by root
May 31 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4737]: + ??? root:rubyman
May 31 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429544 of user rubyman.
May 31 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4737]: pam_unix(su:session): session closed for user rubyman
May 31 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429544.
May 31 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4670]: pam_unix(cron:session): session closed for user root
May 31 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1943]: pam_unix(cron:session): session closed for user root
May 31 13:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4669]: pam_unix(cron:session): session closed for user samftp
May 31 13:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3666]: pam_unix(cron:session): session closed for user root
May 31 13:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5092]: Connection closed by 194.59.206.2 port 27786 [preauth]
May 31 13:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5107]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5108]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5105]: pam_unix(cron:session): session closed for user p13x
May 31 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5176]: Successful su for rubyman by root
May 31 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5176]: + ??? root:rubyman
May 31 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429551 of user rubyman.
May 31 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5176]: pam_unix(su:session): session closed for user rubyman
May 31 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429551.
May 31 13:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5094]: Failed password for root from 202.133.90.219 port 43368 ssh2
May 31 13:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5094]: Connection closed by 202.133.90.219 port 43368 [preauth]
May 31 13:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2411]: pam_unix(cron:session): session closed for user root
May 31 13:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5106]: pam_unix(cron:session): session closed for user samftp
May 31 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4262]: pam_unix(cron:session): session closed for user root
May 31 13:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
May 31 13:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5490]: Failed password for root from 103.82.132.16 port 47896 ssh2
May 31 13:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5490]: Connection closed by 103.82.132.16 port 47896 [preauth]
May 31 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5514]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5513]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5510]: pam_unix(cron:session): session closed for user p13x
May 31 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5576]: Successful su for rubyman by root
May 31 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5576]: + ??? root:rubyman
May 31 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429554 of user rubyman.
May 31 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5576]: pam_unix(su:session): session closed for user rubyman
May 31 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429554.
May 31 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2865]: pam_unix(cron:session): session closed for user root
May 31 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
May 31 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5512]: pam_unix(cron:session): session closed for user samftp
May 31 13:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: Failed password for root from 185.156.73.233 port 32530 ssh2
May 31 13:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: Connection closed by 185.156.73.233 port 32530 [preauth]
May 31 13:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5748]: Invalid user ubuntu from 80.94.92.186
May 31 13:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5748]: input_userauth_request: invalid user ubuntu [preauth]
May 31 13:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5748]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 13:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5748]: Failed password for invalid user ubuntu from 80.94.92.186 port 36750 ssh2
May 31 13:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5748]: Connection closed by 80.94.92.186 port 36750 [preauth]
May 31 13:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5758]: Failed password for root from 202.133.90.219 port 35900 ssh2
May 31 13:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5758]: Connection closed by 202.133.90.219 port 35900 [preauth]
May 31 13:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4672]: pam_unix(cron:session): session closed for user root
May 31 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5904]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5905]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5902]: pam_unix(cron:session): session closed for user p13x
May 31 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5960]: Successful su for rubyman by root
May 31 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5960]: + ??? root:rubyman
May 31 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429557 of user rubyman.
May 31 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5960]: pam_unix(su:session): session closed for user rubyman
May 31 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429557.
May 31 13:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3276]: pam_unix(cron:session): session closed for user root
May 31 13:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5903]: pam_unix(cron:session): session closed for user samftp
May 31 13:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: Failed password for root from 202.133.90.219 port 40322 ssh2
May 31 13:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: Connection closed by 202.133.90.219 port 40322 [preauth]
May 31 13:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5108]: pam_unix(cron:session): session closed for user root
May 31 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6291]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6290]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6289]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6288]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6288]: pam_unix(cron:session): session closed for user p13x
May 31 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6352]: Successful su for rubyman by root
May 31 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6352]: + ??? root:rubyman
May 31 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429561 of user rubyman.
May 31 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6352]: pam_unix(su:session): session closed for user rubyman
May 31 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429561.
May 31 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3665]: pam_unix(cron:session): session closed for user root
May 31 13:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6289]: pam_unix(cron:session): session closed for user samftp
May 31 13:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
May 31 13:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6586]: Failed password for root from 80.66.85.226 port 34030 ssh2
May 31 13:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6586]: Connection closed by 80.66.85.226 port 34030 [preauth]
May 31 13:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6588]: Failed password for root from 202.133.90.219 port 58474 ssh2
May 31 13:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6588]: Connection closed by 202.133.90.219 port 58474 [preauth]
May 31 13:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5514]: pam_unix(cron:session): session closed for user root
May 31 13:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.172.54.111  user=root
May 31 13:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6657]: Failed password for root from 109.172.54.111 port 33230 ssh2
May 31 13:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6657]: Connection closed by 109.172.54.111 port 33230 [preauth]
May 31 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6681]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6682]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6680]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6679]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6682]: pam_unix(cron:session): session closed for user root
May 31 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6676]: pam_unix(cron:session): session closed for user p13x
May 31 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6759]: Successful su for rubyman by root
May 31 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6759]: + ??? root:rubyman
May 31 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429565 of user rubyman.
May 31 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6759]: pam_unix(su:session): session closed for user rubyman
May 31 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429565.
May 31 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6679]: pam_unix(cron:session): session closed for user root
May 31 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4261]: pam_unix(cron:session): session closed for user root
May 31 13:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6677]: pam_unix(cron:session): session closed for user samftp
May 31 13:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5905]: pam_unix(cron:session): session closed for user root
May 31 13:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: Failed password for root from 202.133.90.219 port 35386 ssh2
May 31 13:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: Connection closed by 202.133.90.219 port 35386 [preauth]
May 31 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7224]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7223]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7221]: pam_unix(cron:session): session closed for user p13x
May 31 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7288]: Successful su for rubyman by root
May 31 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7288]: + ??? root:rubyman
May 31 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429572 of user rubyman.
May 31 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7288]: pam_unix(su:session): session closed for user rubyman
May 31 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429572.
May 31 13:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4671]: pam_unix(cron:session): session closed for user root
May 31 13:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7222]: pam_unix(cron:session): session closed for user samftp
May 31 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Invalid user sol from 80.94.92.186
May 31 13:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: input_userauth_request: invalid user sol [preauth]
May 31 13:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 13:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Failed password for invalid user sol from 80.94.92.186 port 39444 ssh2
May 31 13:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Connection closed by 80.94.92.186 port 39444 [preauth]
May 31 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6291]: pam_unix(cron:session): session closed for user root
May 31 13:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
May 31 13:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7572]: Failed password for root from 103.149.28.157 port 42644 ssh2
May 31 13:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7572]: Connection closed by 103.149.28.157 port 42644 [preauth]
May 31 13:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7610]: Failed password for root from 202.133.90.219 port 34952 ssh2
May 31 13:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7610]: Connection closed by 202.133.90.219 port 34952 [preauth]
May 31 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7669]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7671]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7665]: pam_unix(cron:session): session closed for user p13x
May 31 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7787]: Successful su for rubyman by root
May 31 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7787]: + ??? root:rubyman
May 31 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429576 of user rubyman.
May 31 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7787]: pam_unix(su:session): session closed for user rubyman
May 31 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429576.
May 31 13:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5107]: pam_unix(cron:session): session closed for user root
May 31 13:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7668]: pam_unix(cron:session): session closed for user samftp
May 31 13:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6681]: pam_unix(cron:session): session closed for user root
May 31 13:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8115]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8116]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8113]: pam_unix(cron:session): session closed for user p13x
May 31 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8177]: Successful su for rubyman by root
May 31 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8177]: + ??? root:rubyman
May 31 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429579 of user rubyman.
May 31 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8177]: pam_unix(su:session): session closed for user rubyman
May 31 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429579.
May 31 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8102]: Failed password for root from 202.133.90.219 port 60032 ssh2
May 31 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5513]: pam_unix(cron:session): session closed for user root
May 31 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8102]: Connection closed by 202.133.90.219 port 60032 [preauth]
May 31 13:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8114]: pam_unix(cron:session): session closed for user samftp
May 31 13:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7224]: pam_unix(cron:session): session closed for user root
May 31 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8503]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8504]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8502]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8501]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8499]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8501]: pam_unix(cron:session): session closed for user p13x
May 31 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8617]: Successful su for rubyman by root
May 31 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8617]: + ??? root:rubyman
May 31 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429584 of user rubyman.
May 31 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8617]: pam_unix(su:session): session closed for user rubyman
May 31 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429584.
May 31 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8499]: pam_unix(cron:session): session closed for user root
May 31 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5904]: pam_unix(cron:session): session closed for user root
May 31 13:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8502]: pam_unix(cron:session): session closed for user samftp
May 31 13:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: Failed password for root from 202.133.90.219 port 44186 ssh2
May 31 13:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: Connection closed by 202.133.90.219 port 44186 [preauth]
May 31 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7671]: pam_unix(cron:session): session closed for user root
May 31 13:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
May 31 13:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: Failed password for root from 62.133.62.83 port 49294 ssh2
May 31 13:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: Connection closed by 62.133.62.83 port 49294 [preauth]
May 31 13:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: Invalid user sol from 80.94.92.186
May 31 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: input_userauth_request: invalid user sol [preauth]
May 31 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8990]: Received disconnect from 96.127.175.154 port 42994:11: disconnected by user [preauth]
May 31 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8990]: Disconnected from 96.127.175.154 port 42994 [preauth]
May 31 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8997]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8996]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8998]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8995]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8998]: pam_unix(cron:session): session closed for user root
May 31 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8993]: pam_unix(cron:session): session closed for user p13x
May 31 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9071]: Successful su for rubyman by root
May 31 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9071]: + ??? root:rubyman
May 31 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429588 of user rubyman.
May 31 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9071]: pam_unix(su:session): session closed for user rubyman
May 31 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429588.
May 31 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: Failed password for invalid user sol from 80.94.92.186 port 42120 ssh2
May 31 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: Connection closed by 80.94.92.186 port 42120 [preauth]
May 31 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8995]: pam_unix(cron:session): session closed for user root
May 31 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6290]: pam_unix(cron:session): session closed for user root
May 31 13:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8994]: pam_unix(cron:session): session closed for user samftp
May 31 13:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
May 31 13:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Failed password for root from 202.133.90.219 port 38942 ssh2
May 31 13:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9294]: Failed password for root from 103.27.238.114 port 53682 ssh2
May 31 13:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9294]: Connection closed by 103.27.238.114 port 53682 [preauth]
May 31 13:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Connection closed by 202.133.90.219 port 38942 [preauth]
May 31 13:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8116]: pam_unix(cron:session): session closed for user root
May 31 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9426]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9427]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9424]: pam_unix(cron:session): session closed for user p13x
May 31 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9488]: Successful su for rubyman by root
May 31 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9488]: + ??? root:rubyman
May 31 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429594 of user rubyman.
May 31 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9488]: pam_unix(su:session): session closed for user rubyman
May 31 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429594.
May 31 13:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6680]: pam_unix(cron:session): session closed for user root
May 31 13:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9425]: pam_unix(cron:session): session closed for user samftp
May 31 13:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9702]: Failed password for root from 202.133.90.219 port 59918 ssh2
May 31 13:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9702]: Connection closed by 202.133.90.219 port 59918 [preauth]
May 31 13:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8504]: pam_unix(cron:session): session closed for user root
May 31 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9824]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9823]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9821]: pam_unix(cron:session): session closed for user p13x
May 31 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9909]: Successful su for rubyman by root
May 31 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9909]: + ??? root:rubyman
May 31 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429600 of user rubyman.
May 31 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9909]: pam_unix(su:session): session closed for user rubyman
May 31 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429600.
May 31 13:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7223]: pam_unix(cron:session): session closed for user root
May 31 13:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9822]: pam_unix(cron:session): session closed for user samftp
May 31 13:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: Failed password for root from 202.133.90.219 port 53612 ssh2
May 31 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8997]: pam_unix(cron:session): session closed for user root
May 31 13:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: Connection closed by 202.133.90.219 port 53612 [preauth]
May 31 13:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10450]: Received disconnect from 46.62.157.119 port 36358:11: disconnected by user [preauth]
May 31 13:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10450]: Disconnected from 46.62.157.119 port 36358 [preauth]
May 31 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10502]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10503]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10500]: pam_unix(cron:session): session closed for user p13x
May 31 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10565]: Successful su for rubyman by root
May 31 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10565]: + ??? root:rubyman
May 31 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429604 of user rubyman.
May 31 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10565]: pam_unix(su:session): session closed for user rubyman
May 31 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429604.
May 31 13:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7669]: pam_unix(cron:session): session closed for user root
May 31 13:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: Invalid user ftpuser from 80.94.95.116
May 31 13:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: input_userauth_request: invalid user ftpuser [preauth]
May 31 13:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10501]: pam_unix(cron:session): session closed for user samftp
May 31 13:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May 31 13:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: Failed password for invalid user ftpuser from 80.94.95.116 port 62576 ssh2
May 31 13:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: Connection closed by 80.94.95.116 port 62576 [preauth]
May 31 13:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9427]: pam_unix(cron:session): session closed for user root
May 31 13:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Invalid user tracy from 67.207.84.8
May 31 13:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: input_userauth_request: invalid user tracy [preauth]
May 31 13:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.207.84.8
May 31 13:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Failed password for invalid user tracy from 67.207.84.8 port 35670 ssh2
May 31 13:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Connection closed by 67.207.84.8 port 35670 [preauth]
May 31 13:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10863]: Failed password for root from 202.133.90.219 port 38910 ssh2
May 31 13:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10863]: Connection closed by 202.133.90.219 port 38910 [preauth]
May 31 13:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10905]: Invalid user sol from 80.94.92.186
May 31 13:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10905]: input_userauth_request: invalid user sol [preauth]
May 31 13:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10905]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 13:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10905]: Failed password for invalid user sol from 80.94.92.186 port 44802 ssh2
May 31 13:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10905]: Connection closed by 80.94.92.186 port 44802 [preauth]
May 31 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10928]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10929]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10927]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10926]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10926]: pam_unix(cron:session): session closed for user p13x
May 31 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10989]: Successful su for rubyman by root
May 31 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10989]: + ??? root:rubyman
May 31 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429606 of user rubyman.
May 31 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10989]: pam_unix(su:session): session closed for user rubyman
May 31 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429606.
May 31 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8115]: pam_unix(cron:session): session closed for user root
May 31 13:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10927]: pam_unix(cron:session): session closed for user samftp
May 31 13:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9824]: pam_unix(cron:session): session closed for user root
May 31 13:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: Failed password for root from 202.133.90.219 port 42072 ssh2
May 31 13:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: Connection closed by 202.133.90.219 port 42072 [preauth]
May 31 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11343]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11342]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11340]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11341]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11343]: pam_unix(cron:session): session closed for user root
May 31 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11338]: pam_unix(cron:session): session closed for user p13x
May 31 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11416]: Successful su for rubyman by root
May 31 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11416]: + ??? root:rubyman
May 31 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429613 of user rubyman.
May 31 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11416]: pam_unix(su:session): session closed for user rubyman
May 31 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429613.
May 31 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11340]: pam_unix(cron:session): session closed for user root
May 31 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8503]: pam_unix(cron:session): session closed for user root
May 31 13:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11339]: pam_unix(cron:session): session closed for user samftp
May 31 13:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
May 31 13:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
May 31 13:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11664]: Failed password for root from 103.27.238.120 port 53466 ssh2
May 31 13:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11664]: Connection closed by 103.27.238.120 port 53466 [preauth]
May 31 13:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11666]: Failed password for root from 103.27.238.116 port 52878 ssh2
May 31 13:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11666]: Connection closed by 103.27.238.116 port 52878 [preauth]
May 31 13:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: Invalid user user from 221.146.126.107
May 31 13:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: input_userauth_request: invalid user user [preauth]
May 31 13:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.146.126.107
May 31 13:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
May 31 13:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: Failed password for invalid user user from 221.146.126.107 port 39060 ssh2
May 31 13:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: Received disconnect from 221.146.126.107 port 39060:11: Bye Bye [preauth]
May 31 13:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: Disconnected from 221.146.126.107 port 39060 [preauth]
May 31 13:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11700]: Failed password for root from 89.223.69.22 port 53790 ssh2
May 31 13:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10503]: pam_unix(cron:session): session closed for user root
May 31 13:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11700]: Connection closed by 89.223.69.22 port 53790 [preauth]
May 31 13:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.63.178  user=root
May 31 13:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Failed password for root from 62.133.63.178 port 41536 ssh2
May 31 13:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Connection closed by 62.133.63.178 port 41536 [preauth]
May 31 13:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11791]: Failed password for root from 202.133.90.219 port 39112 ssh2
May 31 13:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11791]: Connection closed by 202.133.90.219 port 39112 [preauth]
May 31 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11830]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11828]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11829]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11827]: pam_unix(cron:session): session closed for user p13x
May 31 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11903]: Successful su for rubyman by root
May 31 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11903]: + ??? root:rubyman
May 31 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429616 of user rubyman.
May 31 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11903]: pam_unix(su:session): session closed for user rubyman
May 31 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429616.
May 31 13:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8996]: pam_unix(cron:session): session closed for user root
May 31 13:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11828]: pam_unix(cron:session): session closed for user samftp
May 31 13:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10929]: pam_unix(cron:session): session closed for user root
May 31 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12373]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12372]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12370]: pam_unix(cron:session): session closed for user p13x
May 31 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12439]: Successful su for rubyman by root
May 31 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12439]: + ??? root:rubyman
May 31 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12439]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429621 of user rubyman.
May 31 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12439]: pam_unix(su:session): session closed for user rubyman
May 31 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429621.
May 31 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9426]: pam_unix(cron:session): session closed for user root
May 31 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12371]: pam_unix(cron:session): session closed for user samftp
May 31 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: Failed password for root from 202.133.90.219 port 50794 ssh2
May 31 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: Connection closed by 202.133.90.219 port 50794 [preauth]
May 31 13:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: Connection closed by 168.144.118.243 port 47848 [preauth]
May 31 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11342]: pam_unix(cron:session): session closed for user root
May 31 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12764]: Invalid user sol from 80.94.92.186
May 31 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12764]: input_userauth_request: invalid user sol [preauth]
May 31 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12764]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12764]: Failed password for invalid user sol from 80.94.92.186 port 47468 ssh2
May 31 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12764]: Connection closed by 80.94.92.186 port 47468 [preauth]
May 31 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12793]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12790]: pam_unix(cron:session): session closed for user p13x
May 31 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12863]: Successful su for rubyman by root
May 31 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12863]: + ??? root:rubyman
May 31 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12863]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429624 of user rubyman.
May 31 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12863]: pam_unix(su:session): session closed for user rubyman
May 31 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429624.
May 31 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9823]: pam_unix(cron:session): session closed for user root
May 31 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12791]: pam_unix(cron:session): session closed for user samftp
May 31 13:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13070]: Failed password for root from 202.133.90.219 port 38528 ssh2
May 31 13:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13070]: Connection closed by 202.133.90.219 port 38528 [preauth]
May 31 13:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11830]: pam_unix(cron:session): session closed for user root
May 31 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13210]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13211]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13208]: pam_unix(cron:session): session closed for user p13x
May 31 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13270]: Successful su for rubyman by root
May 31 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13270]: + ??? root:rubyman
May 31 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429629 of user rubyman.
May 31 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13270]: pam_unix(su:session): session closed for user rubyman
May 31 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429629.
May 31 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10502]: pam_unix(cron:session): session closed for user root
May 31 13:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13209]: pam_unix(cron:session): session closed for user samftp
May 31 13:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Failed password for root from 202.133.90.219 port 55914 ssh2
May 31 13:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Connection closed by 202.133.90.219 port 55914 [preauth]
May 31 13:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12373]: pam_unix(cron:session): session closed for user root
May 31 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13596]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13597]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13599]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13598]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13599]: pam_unix(cron:session): session closed for user root
May 31 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13594]: pam_unix(cron:session): session closed for user p13x
May 31 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13658]: Successful su for rubyman by root
May 31 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13658]: + ??? root:rubyman
May 31 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429635 of user rubyman.
May 31 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13658]: pam_unix(su:session): session closed for user rubyman
May 31 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429635.
May 31 13:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13596]: pam_unix(cron:session): session closed for user root
May 31 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10928]: pam_unix(cron:session): session closed for user root
May 31 13:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13595]: pam_unix(cron:session): session closed for user samftp
May 31 13:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12793]: pam_unix(cron:session): session closed for user root
May 31 13:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13940]: Failed password for root from 202.133.90.219 port 53744 ssh2
May 31 13:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13940]: Connection closed by 202.133.90.219 port 53744 [preauth]
May 31 13:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
May 31 13:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: Failed password for root from 103.153.68.219 port 59700 ssh2
May 31 13:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: Connection closed by 103.153.68.219 port 59700 [preauth]
May 31 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14037]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14038]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14035]: pam_unix(cron:session): session closed for user p13x
May 31 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14100]: Successful su for rubyman by root
May 31 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14100]: + ??? root:rubyman
May 31 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14100]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429639 of user rubyman.
May 31 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14100]: pam_unix(su:session): session closed for user rubyman
May 31 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429639.
May 31 13:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11341]: pam_unix(cron:session): session closed for user root
May 31 13:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14036]: pam_unix(cron:session): session closed for user samftp
May 31 13:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.195.21.168  user=root
May 31 13:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
May 31 13:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: Failed password for root from 159.195.21.168 port 33136 ssh2
May 31 13:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: Received disconnect from 159.195.21.168 port 33136:11: Bye Bye [preauth]
May 31 13:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: Disconnected from 159.195.21.168 port 33136 [preauth]
May 31 13:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14296]: Failed password for root from 193.37.70.224 port 51980 ssh2
May 31 13:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14296]: Connection closed by 193.37.70.224 port 51980 [preauth]
May 31 13:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Invalid user solana from 80.94.92.186
May 31 13:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: input_userauth_request: invalid user solana [preauth]
May 31 13:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 13:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Failed password for invalid user solana from 80.94.92.186 port 50144 ssh2
May 31 13:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Connection closed by 80.94.92.186 port 50144 [preauth]
May 31 13:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13211]: pam_unix(cron:session): session closed for user root
May 31 13:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: Failed password for root from 202.133.90.219 port 60696 ssh2
May 31 13:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: Connection closed by 202.133.90.219 port 60696 [preauth]
May 31 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14424]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14425]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14422]: pam_unix(cron:session): session closed for user p13x
May 31 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14486]: Successful su for rubyman by root
May 31 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14486]: + ??? root:rubyman
May 31 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429643 of user rubyman.
May 31 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14486]: pam_unix(su:session): session closed for user rubyman
May 31 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429643.
May 31 13:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11829]: pam_unix(cron:session): session closed for user root
May 31 13:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14423]: pam_unix(cron:session): session closed for user samftp
May 31 13:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13598]: pam_unix(cron:session): session closed for user root
May 31 13:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May 31 13:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14882]: Failed password for root from 202.133.90.219 port 47748 ssh2
May 31 13:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: Failed password for root from 80.94.95.115 port 61888 ssh2
May 31 13:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: Connection closed by 80.94.95.115 port 61888 [preauth]
May 31 13:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14882]: Connection closed by 202.133.90.219 port 47748 [preauth]
May 31 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14906]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14907]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14904]: pam_unix(cron:session): session closed for user p13x
May 31 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14969]: Successful su for rubyman by root
May 31 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14969]: + ??? root:rubyman
May 31 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14969]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429646 of user rubyman.
May 31 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14969]: pam_unix(su:session): session closed for user rubyman
May 31 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429646.
May 31 13:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12372]: pam_unix(cron:session): session closed for user root
May 31 13:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14905]: pam_unix(cron:session): session closed for user samftp
May 31 13:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14038]: pam_unix(cron:session): session closed for user root
May 31 13:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15314]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15315]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15312]: pam_unix(cron:session): session closed for user p13x
May 31 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: Successful su for rubyman by root
May 31 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: + ??? root:rubyman
May 31 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429651 of user rubyman.
May 31 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: pam_unix(su:session): session closed for user rubyman
May 31 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429651.
May 31 13:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: Failed password for root from 202.133.90.219 port 42200 ssh2
May 31 13:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session closed for user root
May 31 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: Connection closed by 202.133.90.219 port 42200 [preauth]
May 31 13:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15313]: pam_unix(cron:session): session closed for user samftp
May 31 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14425]: pam_unix(cron:session): session closed for user root
May 31 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15695]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15690]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15692]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15691]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15695]: pam_unix(cron:session): session closed for user root
May 31 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15688]: pam_unix(cron:session): session closed for user p13x
May 31 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15758]: Successful su for rubyman by root
May 31 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15758]: + ??? root:rubyman
May 31 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429656 of user rubyman.
May 31 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15758]: pam_unix(su:session): session closed for user rubyman
May 31 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429656.
May 31 13:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15690]: pam_unix(cron:session): session closed for user root
May 31 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13210]: pam_unix(cron:session): session closed for user root
May 31 13:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15689]: pam_unix(cron:session): session closed for user samftp
May 31 13:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: Failed password for root from 202.133.90.219 port 47864 ssh2
May 31 13:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: Connection closed by 202.133.90.219 port 47864 [preauth]
May 31 13:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15986]: Invalid user solana from 80.94.92.186
May 31 13:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15986]: input_userauth_request: invalid user solana [preauth]
May 31 13:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15986]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 13:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15986]: Failed password for invalid user solana from 80.94.92.186 port 52824 ssh2
May 31 13:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
May 31 13:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15986]: Connection closed by 80.94.92.186 port 52824 [preauth]
May 31 13:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: Failed password for root from 103.82.20.28 port 35674 ssh2
May 31 13:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: Connection closed by 103.82.20.28 port 35674 [preauth]
May 31 13:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14907]: pam_unix(cron:session): session closed for user root
May 31 13:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.146.126.107  user=root
May 31 13:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16095]: Failed password for root from 221.146.126.107 port 36156 ssh2
May 31 13:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16095]: Received disconnect from 221.146.126.107 port 36156:11: Bye Bye [preauth]
May 31 13:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16095]: Disconnected from 221.146.126.107 port 36156 [preauth]
May 31 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16108]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16109]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16106]: pam_unix(cron:session): session closed for user p13x
May 31 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16177]: Successful su for rubyman by root
May 31 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16177]: + ??? root:rubyman
May 31 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429662 of user rubyman.
May 31 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16177]: pam_unix(su:session): session closed for user rubyman
May 31 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429662.
May 31 13:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13597]: pam_unix(cron:session): session closed for user root
May 31 13:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16107]: pam_unix(cron:session): session closed for user samftp
May 31 13:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: Failed password for root from 202.133.90.219 port 35362 ssh2
May 31 13:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: Connection closed by 202.133.90.219 port 35362 [preauth]
May 31 13:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.195.21.168  user=root
May 31 13:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16418]: Failed password for root from 159.195.21.168 port 50810 ssh2
May 31 13:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15315]: pam_unix(cron:session): session closed for user root
May 31 13:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16418]: Received disconnect from 159.195.21.168 port 50810:11: Bye Bye [preauth]
May 31 13:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16418]: Disconnected from 159.195.21.168 port 50810 [preauth]
May 31 13:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
May 31 13:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16489]: Failed password for root from 77.94.47.83 port 37372 ssh2
May 31 13:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16489]: Connection closed by 77.94.47.83 port 37372 [preauth]
May 31 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16517]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16516]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session closed for user p13x
May 31 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16571]: Successful su for rubyman by root
May 31 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16571]: + ??? root:rubyman
May 31 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429665 of user rubyman.
May 31 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16571]: pam_unix(su:session): session closed for user rubyman
May 31 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429665.
May 31 13:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14037]: pam_unix(cron:session): session closed for user root
May 31 13:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session closed for user samftp
May 31 13:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Failed password for root from 202.133.90.219 port 44238 ssh2
May 31 13:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15692]: pam_unix(cron:session): session closed for user root
May 31 13:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Connection closed by 202.133.90.219 port 44238 [preauth]
May 31 13:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Invalid user deploy from 159.195.21.168
May 31 13:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: input_userauth_request: invalid user deploy [preauth]
May 31 13:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.195.21.168
May 31 13:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Failed password for invalid user deploy from 159.195.21.168 port 38670 ssh2
May 31 13:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Received disconnect from 159.195.21.168 port 38670:11: Bye Bye [preauth]
May 31 13:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Disconnected from 159.195.21.168 port 38670 [preauth]
May 31 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16898]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16897]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16895]: pam_unix(cron:session): session closed for user p13x
May 31 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16955]: Successful su for rubyman by root
May 31 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16955]: + ??? root:rubyman
May 31 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429669 of user rubyman.
May 31 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16955]: pam_unix(su:session): session closed for user rubyman
May 31 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429669.
May 31 13:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14424]: pam_unix(cron:session): session closed for user root
May 31 13:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16896]: pam_unix(cron:session): session closed for user samftp
May 31 13:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.146.126.107  user=root
May 31 13:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: Failed password for root from 221.146.126.107 port 55284 ssh2
May 31 13:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: Received disconnect from 221.146.126.107 port 55284:11: Bye Bye [preauth]
May 31 13:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: Disconnected from 221.146.126.107 port 55284 [preauth]
May 31 13:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16109]: pam_unix(cron:session): session closed for user root
May 31 13:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17230]: Failed password for root from 202.133.90.219 port 50030 ssh2
May 31 13:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17230]: Connection closed by 202.133.90.219 port 50030 [preauth]
May 31 13:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
May 31 13:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Failed password for root from 45.148.10.121 port 42964 ssh2
May 31 13:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Connection closed by 45.148.10.121 port 42964 [preauth]
May 31 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session closed for user p13x
May 31 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17358]: Successful su for rubyman by root
May 31 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17358]: + ??? root:rubyman
May 31 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429672 of user rubyman.
May 31 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17358]: pam_unix(su:session): session closed for user rubyman
May 31 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429672.
May 31 13:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14906]: pam_unix(cron:session): session closed for user root
May 31 13:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17295]: pam_unix(cron:session): session closed for user samftp
May 31 13:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.195.21.168  user=root
May 31 13:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17539]: Invalid user solana from 80.94.92.186
May 31 13:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17539]: input_userauth_request: invalid user solana [preauth]
May 31 13:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17539]: pam_unix(sshd:auth): check pass; user unknown
May 31 13:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 13:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17541]: Failed password for root from 159.195.21.168 port 35258 ssh2
May 31 13:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17541]: Received disconnect from 159.195.21.168 port 35258:11: Bye Bye [preauth]
May 31 13:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17541]: Disconnected from 159.195.21.168 port 35258 [preauth]
May 31 13:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17539]: Failed password for invalid user solana from 80.94.92.186 port 55490 ssh2
May 31 13:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17539]: Connection closed by 80.94.92.186 port 55490 [preauth]
May 31 13:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16517]: pam_unix(cron:session): session closed for user root
May 31 13:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 13:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 13:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: Failed password for root from 202.133.90.219 port 34158 ssh2
May 31 13:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: Connection closed by 202.133.90.219 port 34158 [preauth]
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17783]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17780]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17782]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17779]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17778]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17783]: pam_unix(cron:session): session closed for user root
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17778]: pam_unix(cron:session): session closed for user root
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17776]: pam_unix(cron:session): session closed for user p13x
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17874]: Successful su for rubyman by root
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17874]: + ??? root:rubyman
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17874]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429678 of user rubyman.
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17874]: pam_unix(su:session): session closed for user rubyman
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429678.
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17773]: Received disconnect from 185.255.100.203 port 54794:11: disconnected by user [preauth]
May 31 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17773]: Disconnected from 185.255.100.203 port 54794 [preauth]
May 31 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17779]: pam_unix(cron:session): session closed for user root
May 31 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15314]: pam_unix(cron:session): session closed for user root
May 31 14:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17777]: pam_unix(cron:session): session closed for user samftp
May 31 14:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18132]: Invalid user deploy from 221.146.126.107
May 31 14:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18132]: input_userauth_request: invalid user deploy [preauth]
May 31 14:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18132]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.146.126.107
May 31 14:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18132]: Failed password for invalid user deploy from 221.146.126.107 port 51332 ssh2
May 31 14:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18132]: Received disconnect from 221.146.126.107 port 51332:11: Bye Bye [preauth]
May 31 14:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18132]: Disconnected from 221.146.126.107 port 51332 [preauth]
May 31 14:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16898]: pam_unix(cron:session): session closed for user root
May 31 14:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18300]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18299]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18297]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18297]: pam_unix(cron:session): session closed for user p13x
May 31 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18370]: Successful su for rubyman by root
May 31 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18370]: + ??? root:rubyman
May 31 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429684 of user rubyman.
May 31 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18370]: pam_unix(su:session): session closed for user rubyman
May 31 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429684.
May 31 14:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: Failed password for root from 202.133.90.219 port 60206 ssh2
May 31 14:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: Connection closed by 202.133.90.219 port 60206 [preauth]
May 31 14:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15691]: pam_unix(cron:session): session closed for user root
May 31 14:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18298]: pam_unix(cron:session): session closed for user samftp
May 31 14:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session closed for user root
May 31 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18806]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18805]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18803]: pam_unix(cron:session): session closed for user p13x
May 31 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18880]: Successful su for rubyman by root
May 31 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18880]: + ??? root:rubyman
May 31 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429687 of user rubyman.
May 31 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18880]: pam_unix(su:session): session closed for user rubyman
May 31 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429687.
May 31 14:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16108]: pam_unix(cron:session): session closed for user root
May 31 14:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18804]: pam_unix(cron:session): session closed for user samftp
May 31 14:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
May 31 14:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: Failed password for root from 109.237.96.109 port 54878 ssh2
May 31 14:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: Connection closed by 109.237.96.109 port 54878 [preauth]
May 31 14:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: Failed password for root from 202.133.90.219 port 38970 ssh2
May 31 14:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: Connection closed by 202.133.90.219 port 38970 [preauth]
May 31 14:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19113]: Invalid user intel from 221.146.126.107
May 31 14:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19113]: input_userauth_request: invalid user intel [preauth]
May 31 14:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19113]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.146.126.107
May 31 14:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19113]: Failed password for invalid user intel from 221.146.126.107 port 44178 ssh2
May 31 14:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19113]: Received disconnect from 221.146.126.107 port 44178:11: Bye Bye [preauth]
May 31 14:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19113]: Disconnected from 221.146.126.107 port 44178 [preauth]
May 31 14:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17782]: pam_unix(cron:session): session closed for user root
May 31 14:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.197.250  user=root
May 31 14:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: Failed password for root from 147.45.197.250 port 49814 ssh2
May 31 14:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: Connection closed by 147.45.197.250 port 49814 [preauth]
May 31 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19312]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19311]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19309]: pam_unix(cron:session): session closed for user p13x
May 31 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19371]: Successful su for rubyman by root
May 31 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19371]: + ??? root:rubyman
May 31 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429692 of user rubyman.
May 31 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19371]: pam_unix(su:session): session closed for user rubyman
May 31 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429692.
May 31 14:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16516]: pam_unix(cron:session): session closed for user root
May 31 14:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19310]: pam_unix(cron:session): session closed for user samftp
May 31 14:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19747]: Invalid user solana from 80.94.92.186
May 31 14:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19747]: input_userauth_request: invalid user solana [preauth]
May 31 14:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19747]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 14:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19747]: Failed password for invalid user solana from 80.94.92.186 port 58128 ssh2
May 31 14:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19747]: Connection closed by 80.94.92.186 port 58128 [preauth]
May 31 14:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Failed password for root from 202.133.90.219 port 51412 ssh2
May 31 14:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Connection closed by 202.133.90.219 port 51412 [preauth]
May 31 14:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18300]: pam_unix(cron:session): session closed for user root
May 31 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19922]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19921]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19920]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19919]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19919]: pam_unix(cron:session): session closed for user p13x
May 31 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19987]: Successful su for rubyman by root
May 31 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19987]: + ??? root:rubyman
May 31 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19987]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429695 of user rubyman.
May 31 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19987]: pam_unix(su:session): session closed for user rubyman
May 31 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429695.
May 31 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16897]: pam_unix(cron:session): session closed for user root
May 31 14:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19920]: pam_unix(cron:session): session closed for user samftp
May 31 14:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: Received disconnect from 91.223.69.87 port 52676:11: disconnected by user [preauth]
May 31 14:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: Disconnected from 91.223.69.87 port 52676 [preauth]
May 31 14:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: Invalid user kizzy from 221.146.126.107
May 31 14:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: input_userauth_request: invalid user kizzy [preauth]
May 31 14:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.146.126.107
May 31 14:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: Failed password for invalid user kizzy from 221.146.126.107 port 57178 ssh2
May 31 14:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20303]: Failed password for root from 202.133.90.219 port 48268 ssh2
May 31 14:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: Received disconnect from 221.146.126.107 port 57178:11: Bye Bye [preauth]
May 31 14:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: Disconnected from 221.146.126.107 port 57178 [preauth]
May 31 14:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20303]: Connection closed by 202.133.90.219 port 48268 [preauth]
May 31 14:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18806]: pam_unix(cron:session): session closed for user root
May 31 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20431]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20428]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20430]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20429]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20431]: pam_unix(cron:session): session closed for user root
May 31 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20426]: pam_unix(cron:session): session closed for user p13x
May 31 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20501]: Successful su for rubyman by root
May 31 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20501]: + ??? root:rubyman
May 31 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429702 of user rubyman.
May 31 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20501]: pam_unix(su:session): session closed for user rubyman
May 31 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429702.
May 31 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20428]: pam_unix(cron:session): session closed for user root
May 31 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session closed for user root
May 31 14:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 14:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20427]: pam_unix(cron:session): session closed for user samftp
May 31 14:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: Failed password for root from 38.93.206.2 port 33748 ssh2
May 31 14:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: Connection closed by 38.93.206.2 port 33748 [preauth]
May 31 14:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19312]: pam_unix(cron:session): session closed for user root
May 31 14:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Failed password for root from 202.133.90.219 port 60666 ssh2
May 31 14:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Connection closed by 202.133.90.219 port 60666 [preauth]
May 31 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20954]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20955]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20952]: pam_unix(cron:session): session closed for user p13x
May 31 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21017]: Successful su for rubyman by root
May 31 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21017]: + ??? root:rubyman
May 31 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429705 of user rubyman.
May 31 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21017]: pam_unix(su:session): session closed for user rubyman
May 31 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429705.
May 31 14:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17780]: pam_unix(cron:session): session closed for user root
May 31 14:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20953]: pam_unix(cron:session): session closed for user samftp
May 31 14:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21238]: Received disconnect from 107.172.88.206 port 34378:11: disconnected by user [preauth]
May 31 14:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21238]: Disconnected from 107.172.88.206 port 34378 [preauth]
May 31 14:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.146.126.107  user=root
May 31 14:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21272]: Failed password for root from 221.146.126.107 port 47470 ssh2
May 31 14:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21272]: Received disconnect from 221.146.126.107 port 47470:11: Bye Bye [preauth]
May 31 14:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21272]: Disconnected from 221.146.126.107 port 47470 [preauth]
May 31 14:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19922]: pam_unix(cron:session): session closed for user root
May 31 14:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
May 31 14:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21282]: Failed password for root from 185.156.73.233 port 47604 ssh2
May 31 14:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21282]: Connection closed by 185.156.73.233 port 47604 [preauth]
May 31 14:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: Received disconnect from 96.8.116.34 port 41132:11: disconnected by user [preauth]
May 31 14:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: Disconnected from 96.8.116.34 port 41132 [preauth]
May 31 14:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
May 31 14:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
May 31 14:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21326]: Failed password for root from 202.133.90.219 port 52738 ssh2
May 31 14:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21326]: Connection closed by 202.133.90.219 port 52738 [preauth]
May 31 14:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21354]: Failed password for root from 147.45.199.80 port 39020 ssh2
May 31 14:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21354]: Connection closed by 147.45.199.80 port 39020 [preauth]
May 31 14:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21356]: Failed password for root from 103.176.20.57 port 33882 ssh2
May 31 14:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21356]: Connection closed by 103.176.20.57 port 33882 [preauth]
May 31 14:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: Invalid user solana from 80.94.92.186
May 31 14:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: input_userauth_request: invalid user solana [preauth]
May 31 14:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 14:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: Failed password for invalid user solana from 80.94.92.186 port 60794 ssh2
May 31 14:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: Connection closed by 80.94.92.186 port 60794 [preauth]
May 31 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21391]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21392]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21389]: pam_unix(cron:session): session closed for user p13x
May 31 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21452]: Successful su for rubyman by root
May 31 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21452]: + ??? root:rubyman
May 31 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429710 of user rubyman.
May 31 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21452]: pam_unix(su:session): session closed for user rubyman
May 31 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429710.
May 31 14:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18299]: pam_unix(cron:session): session closed for user root
May 31 14:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21390]: pam_unix(cron:session): session closed for user samftp
May 31 14:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20430]: pam_unix(cron:session): session closed for user root
May 31 14:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.108.118.91  user=root
May 31 14:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: Failed password for root from 89.108.118.91 port 48062 ssh2
May 31 14:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: Connection closed by 89.108.118.91 port 48062 [preauth]
May 31 14:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Failed password for root from 202.133.90.219 port 58300 ssh2
May 31 14:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Connection closed by 202.133.90.219 port 58300 [preauth]
May 31 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21807]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21806]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21804]: pam_unix(cron:session): session closed for user p13x
May 31 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21867]: Successful su for rubyman by root
May 31 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21867]: + ??? root:rubyman
May 31 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429713 of user rubyman.
May 31 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21867]: pam_unix(su:session): session closed for user rubyman
May 31 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429713.
May 31 14:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18805]: pam_unix(cron:session): session closed for user root
May 31 14:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21805]: pam_unix(cron:session): session closed for user samftp
May 31 14:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20955]: pam_unix(cron:session): session closed for user root
May 31 14:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.146.126.107  user=root
May 31 14:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Failed password for root from 221.146.126.107 port 51720 ssh2
May 31 14:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Received disconnect from 221.146.126.107 port 51720:11: Bye Bye [preauth]
May 31 14:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Disconnected from 221.146.126.107 port 51720 [preauth]
May 31 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22211]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22212]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22207]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22209]: pam_unix(cron:session): session closed for user p13x
May 31 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22325]: Successful su for rubyman by root
May 31 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22325]: + ??? root:rubyman
May 31 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429718 of user rubyman.
May 31 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22325]: pam_unix(su:session): session closed for user rubyman
May 31 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429718.
May 31 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22207]: pam_unix(cron:session): session closed for user root
May 31 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19311]: pam_unix(cron:session): session closed for user root
May 31 14:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22210]: pam_unix(cron:session): session closed for user samftp
May 31 14:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: Failed password for root from 202.133.90.219 port 59620 ssh2
May 31 14:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: Connection closed by 202.133.90.219 port 59620 [preauth]
May 31 14:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21392]: pam_unix(cron:session): session closed for user root
May 31 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22686]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22687]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22685]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22688]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22688]: pam_unix(cron:session): session closed for user root
May 31 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22683]: pam_unix(cron:session): session closed for user p13x
May 31 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22747]: Successful su for rubyman by root
May 31 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22747]: + ??? root:rubyman
May 31 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429726 of user rubyman.
May 31 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22747]: pam_unix(su:session): session closed for user rubyman
May 31 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429726.
May 31 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22685]: pam_unix(cron:session): session closed for user root
May 31 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19921]: pam_unix(cron:session): session closed for user root
May 31 14:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22684]: pam_unix(cron:session): session closed for user samftp
May 31 14:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22963]: Failed password for root from 202.133.90.219 port 55458 ssh2
May 31 14:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22963]: Connection closed by 202.133.90.219 port 55458 [preauth]
May 31 14:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21807]: pam_unix(cron:session): session closed for user root
May 31 14:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23030]: Invalid user solana from 80.94.92.186
May 31 14:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23030]: input_userauth_request: invalid user solana [preauth]
May 31 14:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23030]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 14:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23030]: Failed password for invalid user solana from 80.94.92.186 port 35258 ssh2
May 31 14:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23030]: Connection closed by 80.94.92.186 port 35258 [preauth]
May 31 14:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23052]: Invalid user ftpuser from 221.146.126.107
May 31 14:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23052]: input_userauth_request: invalid user ftpuser [preauth]
May 31 14:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23052]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.146.126.107
May 31 14:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23052]: Failed password for invalid user ftpuser from 221.146.126.107 port 60758 ssh2
May 31 14:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23052]: Received disconnect from 221.146.126.107 port 60758:11: Bye Bye [preauth]
May 31 14:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23052]: Disconnected from 221.146.126.107 port 60758 [preauth]
May 31 14:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
May 31 14:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23090]: Failed password for root from 103.122.221.179 port 52308 ssh2
May 31 14:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23090]: Connection closed by 103.122.221.179 port 52308 [preauth]
May 31 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23103]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23104]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23101]: pam_unix(cron:session): session closed for user p13x
May 31 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23164]: Successful su for rubyman by root
May 31 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23164]: + ??? root:rubyman
May 31 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23164]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429728 of user rubyman.
May 31 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23164]: pam_unix(su:session): session closed for user rubyman
May 31 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429728.
May 31 14:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20429]: pam_unix(cron:session): session closed for user root
May 31 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23102]: pam_unix(cron:session): session closed for user samftp
May 31 14:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23402]: Failed password for root from 202.133.90.219 port 33708 ssh2
May 31 14:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23402]: Connection closed by 202.133.90.219 port 33708 [preauth]
May 31 14:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22212]: pam_unix(cron:session): session closed for user root
May 31 14:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23503]: Did not receive identification string from 69.164.217.74
May 31 14:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.98.239  user=root
May 31 14:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Failed password for root from 94.159.98.239 port 50328 ssh2
May 31 14:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Connection closed by 94.159.98.239 port 50328 [preauth]
May 31 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23528]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23529]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23526]: pam_unix(cron:session): session closed for user p13x
May 31 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23585]: Successful su for rubyman by root
May 31 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23585]: + ??? root:rubyman
May 31 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429732 of user rubyman.
May 31 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23585]: pam_unix(su:session): session closed for user rubyman
May 31 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429732.
May 31 14:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20954]: pam_unix(cron:session): session closed for user root
May 31 14:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23527]: pam_unix(cron:session): session closed for user samftp
May 31 14:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22687]: pam_unix(cron:session): session closed for user root
May 31 14:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23936]: Failed password for root from 202.133.90.219 port 42072 ssh2
May 31 14:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23936]: Connection closed by 202.133.90.219 port 42072 [preauth]
May 31 14:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: Invalid user user from 221.146.126.107
May 31 14:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: input_userauth_request: invalid user user [preauth]
May 31 14:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.146.126.107
May 31 14:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: Failed password for invalid user user from 221.146.126.107 port 41422 ssh2
May 31 14:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: Received disconnect from 221.146.126.107 port 41422:11: Bye Bye [preauth]
May 31 14:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: Disconnected from 221.146.126.107 port 41422 [preauth]
May 31 14:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
May 31 14:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24022]: Failed password for root from 103.77.175.15 port 50780 ssh2
May 31 14:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24022]: Connection closed by 103.77.175.15 port 50780 [preauth]
May 31 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24035]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24036]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24033]: pam_unix(cron:session): session closed for user p13x
May 31 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24093]: Successful su for rubyman by root
May 31 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24093]: + ??? root:rubyman
May 31 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429736 of user rubyman.
May 31 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24093]: pam_unix(su:session): session closed for user rubyman
May 31 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429736.
May 31 14:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21391]: pam_unix(cron:session): session closed for user root
May 31 14:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24034]: pam_unix(cron:session): session closed for user samftp
May 31 14:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
May 31 14:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24334]: Received disconnect from 88.99.193.143 port 60450:11: disconnected by user [preauth]
May 31 14:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24334]: Disconnected from 88.99.193.143 port 60450 [preauth]
May 31 14:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24336]: Failed password for root from 51.250.105.222 port 58508 ssh2
May 31 14:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24336]: Connection closed by 51.250.105.222 port 58508 [preauth]
May 31 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23104]: pam_unix(cron:session): session closed for user root
May 31 14:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Invalid user dev from 168.220.237.171
May 31 14:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: input_userauth_request: invalid user dev [preauth]
May 31 14:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.220.237.171
May 31 14:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Failed password for invalid user dev from 168.220.237.171 port 46242 ssh2
May 31 14:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Connection closed by 168.220.237.171 port 46242 [preauth]
May 31 14:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Failed password for root from 202.133.90.219 port 39296 ssh2
May 31 14:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Connection closed by 202.133.90.219 port 39296 [preauth]
May 31 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24475]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24476]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24463]: pam_unix(cron:session): session closed for user p13x
May 31 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24531]: Successful su for rubyman by root
May 31 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24531]: + ??? root:rubyman
May 31 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429742 of user rubyman.
May 31 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24531]: pam_unix(su:session): session closed for user rubyman
May 31 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429742.
May 31 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21806]: pam_unix(cron:session): session closed for user root
May 31 14:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24464]: pam_unix(cron:session): session closed for user samftp
May 31 14:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.82.76.2  user=root
May 31 14:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24772]: Invalid user solana from 80.94.92.186
May 31 14:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24772]: input_userauth_request: invalid user solana [preauth]
May 31 14:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: Failed password for root from 170.82.76.2 port 13565 ssh2
May 31 14:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24772]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 14:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: Connection closed by 170.82.76.2 port 13565 [preauth]
May 31 14:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24772]: Failed password for invalid user solana from 80.94.92.186 port 37910 ssh2
May 31 14:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24772]: Connection closed by 80.94.92.186 port 37910 [preauth]
May 31 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23529]: pam_unix(cron:session): session closed for user root
May 31 14:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.146.126.107  user=root
May 31 14:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24871]: Failed password for root from 221.146.126.107 port 42308 ssh2
May 31 14:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24871]: Received disconnect from 221.146.126.107 port 42308:11: Bye Bye [preauth]
May 31 14:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24871]: Disconnected from 221.146.126.107 port 42308 [preauth]
May 31 14:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24896]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24895]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24894]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24897]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24892]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24897]: pam_unix(cron:session): session closed for user root
May 31 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24892]: pam_unix(cron:session): session closed for user p13x
May 31 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24957]: Successful su for rubyman by root
May 31 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24957]: + ??? root:rubyman
May 31 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429744 of user rubyman.
May 31 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24957]: pam_unix(su:session): session closed for user rubyman
May 31 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429744.
May 31 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24894]: pam_unix(cron:session): session closed for user root
May 31 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24881]: Failed password for root from 202.133.90.219 port 53562 ssh2
May 31 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24881]: Connection closed by 202.133.90.219 port 53562 [preauth]
May 31 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22211]: pam_unix(cron:session): session closed for user root
May 31 14:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24893]: pam_unix(cron:session): session closed for user samftp
May 31 14:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24036]: pam_unix(cron:session): session closed for user root
May 31 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25322]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25323]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25320]: pam_unix(cron:session): session closed for user p13x
May 31 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25392]: Successful su for rubyman by root
May 31 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25392]: + ??? root:rubyman
May 31 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429750 of user rubyman.
May 31 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25392]: pam_unix(su:session): session closed for user rubyman
May 31 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429750.
May 31 14:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22686]: pam_unix(cron:session): session closed for user root
May 31 14:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25321]: pam_unix(cron:session): session closed for user samftp
May 31 14:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25581]: Failed password for root from 202.133.90.219 port 33828 ssh2
May 31 14:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25581]: Connection closed by 202.133.90.219 port 33828 [preauth]
May 31 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24476]: pam_unix(cron:session): session closed for user root
May 31 14:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.146.126.107  user=root
May 31 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25714]: Failed password for root from 221.146.126.107 port 40628 ssh2
May 31 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25728]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25729]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25724]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25724]: pam_unix(cron:session): session closed for user root
May 31 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25726]: pam_unix(cron:session): session closed for user p13x
May 31 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25714]: Received disconnect from 221.146.126.107 port 40628:11: Bye Bye [preauth]
May 31 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25714]: Disconnected from 221.146.126.107 port 40628 [preauth]
May 31 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25789]: Successful su for rubyman by root
May 31 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25789]: + ??? root:rubyman
May 31 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429757 of user rubyman.
May 31 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25789]: pam_unix(su:session): session closed for user rubyman
May 31 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429757.
May 31 14:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23103]: pam_unix(cron:session): session closed for user root
May 31 14:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25727]: pam_unix(cron:session): session closed for user samftp
May 31 14:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25998]: Failed password for root from 202.133.90.219 port 39320 ssh2
May 31 14:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25998]: Connection closed by 202.133.90.219 port 39320 [preauth]
May 31 14:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24896]: pam_unix(cron:session): session closed for user root
May 31 14:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Invalid user test from 185.156.73.233
May 31 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: input_userauth_request: invalid user test [preauth]
May 31 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 14:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Failed password for invalid user test from 185.156.73.233 port 63768 ssh2
May 31 14:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Connection closed by 185.156.73.233 port 63768 [preauth]
May 31 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26118]: pam_unix(cron:session): session closed for user p13x
May 31 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26180]: Successful su for rubyman by root
May 31 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26180]: + ??? root:rubyman
May 31 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429759 of user rubyman.
May 31 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26180]: pam_unix(su:session): session closed for user rubyman
May 31 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429759.
May 31 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23528]: pam_unix(cron:session): session closed for user root
May 31 14:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26119]: pam_unix(cron:session): session closed for user samftp
May 31 14:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26424]: Bad protocol version identification '\026\003\001' from 152.32.157.92 port 56780
May 31 14:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26421]: Invalid user solana from 80.94.92.186
May 31 14:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26421]: input_userauth_request: invalid user solana [preauth]
May 31 14:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26421]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 14:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26421]: Failed password for invalid user solana from 80.94.92.186 port 40604 ssh2
May 31 14:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26421]: Connection closed by 80.94.92.186 port 40604 [preauth]
May 31 14:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: Failed password for root from 202.133.90.219 port 41354 ssh2
May 31 14:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25323]: pam_unix(cron:session): session closed for user root
May 31 14:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: Connection closed by 202.133.90.219 port 41354 [preauth]
May 31 14:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26425]: Did not receive identification string from 152.32.157.92
May 31 14:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26488]: Connection closed by 152.32.157.92 port 59160 [preauth]
May 31 14:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: Protocol major versions differ for 152.32.157.92: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Server
May 31 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26519]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26520]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26517]: pam_unix(cron:session): session closed for user p13x
May 31 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26583]: Successful su for rubyman by root
May 31 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26583]: + ??? root:rubyman
May 31 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429765 of user rubyman.
May 31 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26583]: pam_unix(su:session): session closed for user rubyman
May 31 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429765.
May 31 14:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24035]: pam_unix(cron:session): session closed for user root
May 31 14:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26518]: pam_unix(cron:session): session closed for user samftp
May 31 14:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.146.126.107  user=root
May 31 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: Failed password for root from 221.146.126.107 port 53492 ssh2
May 31 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: Received disconnect from 221.146.126.107 port 53492:11: Bye Bye [preauth]
May 31 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: Disconnected from 221.146.126.107 port 53492 [preauth]
May 31 14:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25729]: pam_unix(cron:session): session closed for user root
May 31 14:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26947]: Failed password for root from 202.133.90.219 port 36690 ssh2
May 31 14:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26947]: Connection closed by 202.133.90.219 port 36690 [preauth]
May 31 14:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
May 31 14:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: Failed password for root from 103.15.222.183 port 54288 ssh2
May 31 14:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: Connection closed by 103.15.222.183 port 54288 [preauth]
May 31 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27012]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27008]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27011]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27009]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27012]: pam_unix(cron:session): session closed for user root
May 31 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27006]: pam_unix(cron:session): session closed for user p13x
May 31 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27075]: Successful su for rubyman by root
May 31 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27075]: + ??? root:rubyman
May 31 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429769 of user rubyman.
May 31 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27075]: pam_unix(su:session): session closed for user rubyman
May 31 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429769.
May 31 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24475]: pam_unix(cron:session): session closed for user root
May 31 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27008]: pam_unix(cron:session): session closed for user root
May 31 14:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27007]: pam_unix(cron:session): session closed for user samftp
May 31 14:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session closed for user root
May 31 14:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: Failed password for root from 202.133.90.219 port 43940 ssh2
May 31 14:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: Connection closed by 202.133.90.219 port 43940 [preauth]
May 31 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27455]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27457]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27453]: pam_unix(cron:session): session closed for user p13x
May 31 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27528]: Successful su for rubyman by root
May 31 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27528]: + ??? root:rubyman
May 31 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27528]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429774 of user rubyman.
May 31 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27528]: pam_unix(su:session): session closed for user rubyman
May 31 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429774.
May 31 14:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24895]: pam_unix(cron:session): session closed for user root
May 31 14:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27454]: pam_unix(cron:session): session closed for user samftp
May 31 14:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26520]: pam_unix(cron:session): session closed for user root
May 31 14:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
May 31 14:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.146.126.107  user=root
May 31 14:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27814]: Failed password for root from 46.19.67.181 port 42054 ssh2
May 31 14:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27816]: Failed password for root from 221.146.126.107 port 51546 ssh2
May 31 14:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27814]: Connection closed by 46.19.67.181 port 42054 [preauth]
May 31 14:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27816]: Received disconnect from 221.146.126.107 port 51546:11: Bye Bye [preauth]
May 31 14:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27816]: Disconnected from 221.146.126.107 port 51546 [preauth]
May 31 14:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: Received disconnect from 198.38.85.149 port 36976:11: disconnected by user [preauth]
May 31 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: Disconnected from 198.38.85.149 port 36976 [preauth]
May 31 14:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: Failed password for root from 202.133.90.219 port 50146 ssh2
May 31 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27889]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27888]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27886]: pam_unix(cron:session): session closed for user p13x
May 31 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27949]: Successful su for rubyman by root
May 31 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27949]: + ??? root:rubyman
May 31 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429777 of user rubyman.
May 31 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27949]: pam_unix(su:session): session closed for user rubyman
May 31 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429777.
May 31 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: Connection closed by 202.133.90.219 port 50146 [preauth]
May 31 14:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25322]: pam_unix(cron:session): session closed for user root
May 31 14:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27887]: pam_unix(cron:session): session closed for user samftp
May 31 14:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: Invalid user matias from 213.209.159.56
May 31 14:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: input_userauth_request: invalid user matias [preauth]
May 31 14:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 14:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: Failed password for invalid user matias from 213.209.159.56 port 7421 ssh2
May 31 14:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: Failed password for invalid user matias from 213.209.159.56 port 7421 ssh2
May 31 14:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: Failed password for invalid user matias from 213.209.159.56 port 7421 ssh2
May 31 14:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: Failed password for invalid user matias from 213.209.159.56 port 7421 ssh2
May 31 14:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: Failed password for invalid user matias from 213.209.159.56 port 7421 ssh2
May 31 14:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: Received disconnect from 213.209.159.56 port 7421:11: Bye [preauth]
May 31 14:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: Disconnected from 213.209.159.56 port 7421 [preauth]
May 31 14:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 14:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 14:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28254]: Invalid user solr from 80.94.92.186
May 31 14:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28254]: input_userauth_request: invalid user solr [preauth]
May 31 14:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27011]: pam_unix(cron:session): session closed for user root
May 31 14:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28254]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 14:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28254]: Failed password for invalid user solr from 80.94.92.186 port 43294 ssh2
May 31 14:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28254]: Connection closed by 80.94.92.186 port 43294 [preauth]
May 31 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28341]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28340]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28338]: pam_unix(cron:session): session closed for user p13x
May 31 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28396]: Successful su for rubyman by root
May 31 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28396]: + ??? root:rubyman
May 31 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429781 of user rubyman.
May 31 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28396]: pam_unix(su:session): session closed for user rubyman
May 31 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429781.
May 31 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25728]: pam_unix(cron:session): session closed for user root
May 31 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28339]: pam_unix(cron:session): session closed for user samftp
May 31 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.228.128.84  user=root
May 31 14:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28673]: Failed password for root from 193.228.128.84 port 42572 ssh2
May 31 14:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28673]: Connection closed by 193.228.128.84 port 42572 [preauth]
May 31 14:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28672]: Failed password for root from 202.133.90.219 port 56502 ssh2
May 31 14:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28672]: Connection closed by 202.133.90.219 port 56502 [preauth]
May 31 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27457]: pam_unix(cron:session): session closed for user root
May 31 14:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.22.41  user=root
May 31 14:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28826]: Failed password for root from 185.236.22.41 port 50888 ssh2
May 31 14:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28826]: Connection closed by 185.236.22.41 port 50888 [preauth]
May 31 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28840]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28839]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28837]: pam_unix(cron:session): session closed for user p13x
May 31 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28899]: Successful su for rubyman by root
May 31 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28899]: + ??? root:rubyman
May 31 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429787 of user rubyman.
May 31 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28899]: pam_unix(su:session): session closed for user rubyman
May 31 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429787.
May 31 14:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session closed for user root
May 31 14:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28838]: pam_unix(cron:session): session closed for user samftp
May 31 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.146.126.107  user=root
May 31 14:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29099]: Failed password for root from 221.146.126.107 port 36438 ssh2
May 31 14:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29099]: Received disconnect from 221.146.126.107 port 36438:11: Bye Bye [preauth]
May 31 14:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29099]: Disconnected from 221.146.126.107 port 36438 [preauth]
May 31 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: Failed password for root from 202.133.90.219 port 38240 ssh2
May 31 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: Connection closed by 202.133.90.219 port 38240 [preauth]
May 31 14:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.170.125  user=root
May 31 14:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: Failed password for root from 103.149.170.125 port 54108 ssh2
May 31 14:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: Connection closed by 103.149.170.125 port 54108 [preauth]
May 31 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27889]: pam_unix(cron:session): session closed for user root
May 31 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29250]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29249]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29252]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29245]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29252]: pam_unix(cron:session): session closed for user root
May 31 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29243]: pam_unix(cron:session): session closed for user p13x
May 31 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29325]: Successful su for rubyman by root
May 31 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29325]: + ??? root:rubyman
May 31 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429790 of user rubyman.
May 31 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29325]: pam_unix(su:session): session closed for user rubyman
May 31 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429790.
May 31 14:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26519]: pam_unix(cron:session): session closed for user root
May 31 14:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29245]: pam_unix(cron:session): session closed for user root
May 31 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29244]: pam_unix(cron:session): session closed for user samftp
May 31 14:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
May 31 14:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29645]: Failed password for root from 103.172.78.219 port 50230 ssh2
May 31 14:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29645]: Connection closed by 103.172.78.219 port 50230 [preauth]
May 31 14:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28341]: pam_unix(cron:session): session closed for user root
May 31 14:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: Failed password for root from 202.133.90.219 port 35106 ssh2
May 31 14:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: Connection closed by 202.133.90.219 port 35106 [preauth]
May 31 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29807]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29808]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29805]: pam_unix(cron:session): session closed for user p13x
May 31 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29882]: Successful su for rubyman by root
May 31 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29882]: + ??? root:rubyman
May 31 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429796 of user rubyman.
May 31 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29882]: pam_unix(su:session): session closed for user rubyman
May 31 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429796.
May 31 14:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27009]: pam_unix(cron:session): session closed for user root
May 31 14:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29806]: pam_unix(cron:session): session closed for user samftp
May 31 14:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28840]: pam_unix(cron:session): session closed for user root
May 31 14:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: Failed password for root from 202.133.90.219 port 49110 ssh2
May 31 14:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: Connection closed by 202.133.90.219 port 49110 [preauth]
May 31 14:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30217]: Invalid user ubuntu from 80.94.92.186
May 31 14:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30217]: input_userauth_request: invalid user ubuntu [preauth]
May 31 14:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30217]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 14:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30217]: Failed password for invalid user ubuntu from 80.94.92.186 port 45962 ssh2
May 31 14:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30217]: Connection closed by 80.94.92.186 port 45962 [preauth]
May 31 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30248]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30249]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30246]: pam_unix(cron:session): session closed for user p13x
May 31 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30309]: Successful su for rubyman by root
May 31 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30309]: + ??? root:rubyman
May 31 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429799 of user rubyman.
May 31 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30309]: pam_unix(su:session): session closed for user rubyman
May 31 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429799.
May 31 14:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27455]: pam_unix(cron:session): session closed for user root
May 31 14:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30247]: pam_unix(cron:session): session closed for user samftp
May 31 14:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29250]: pam_unix(cron:session): session closed for user root
May 31 14:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
May 31 14:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30604]: Failed password for root from 87.251.79.125 port 44194 ssh2
May 31 14:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30604]: Connection closed by 87.251.79.125 port 44194 [preauth]
May 31 14:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: Failed password for root from 202.133.90.219 port 44776 ssh2
May 31 14:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: Connection closed by 202.133.90.219 port 44776 [preauth]
May 31 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30664]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30665]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30662]: pam_unix(cron:session): session closed for user p13x
May 31 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30721]: Successful su for rubyman by root
May 31 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30721]: + ??? root:rubyman
May 31 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429804 of user rubyman.
May 31 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30721]: pam_unix(su:session): session closed for user rubyman
May 31 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429804.
May 31 14:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27888]: pam_unix(cron:session): session closed for user root
May 31 14:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30663]: pam_unix(cron:session): session closed for user samftp
May 31 14:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29808]: pam_unix(cron:session): session closed for user root
May 31 14:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
May 31 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31155]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31156]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31153]: pam_unix(cron:session): session closed for user p13x
May 31 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31210]: Successful su for rubyman by root
May 31 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31210]: + ??? root:rubyman
May 31 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429808 of user rubyman.
May 31 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31210]: pam_unix(su:session): session closed for user rubyman
May 31 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429808.
May 31 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: Failed password for root from 194.113.233.25 port 42452 ssh2
May 31 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: Connection closed by 194.113.233.25 port 42452 [preauth]
May 31 14:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28340]: pam_unix(cron:session): session closed for user root
May 31 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31154]: pam_unix(cron:session): session closed for user samftp
May 31 14:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: Failed password for root from 202.133.90.219 port 60362 ssh2
May 31 14:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: Connection closed by 202.133.90.219 port 60362 [preauth]
May 31 14:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
May 31 14:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: Failed password for root from 185.156.73.233 port 20008 ssh2
May 31 14:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: Connection closed by 185.156.73.233 port 20008 [preauth]
May 31 14:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30249]: pam_unix(cron:session): session closed for user root
May 31 14:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
May 31 14:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Failed password for root from 37.233.85.71 port 53540 ssh2
May 31 14:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Connection closed by 37.233.85.71 port 53540 [preauth]
May 31 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31666]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31664]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31665]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31662]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31663]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31661]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31666]: pam_unix(cron:session): session closed for user root
May 31 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31661]: pam_unix(cron:session): session closed for user p13x
May 31 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31730]: Successful su for rubyman by root
May 31 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31730]: + ??? root:rubyman
May 31 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429813 of user rubyman.
May 31 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31730]: pam_unix(su:session): session closed for user rubyman
May 31 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429813.
May 31 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31663]: pam_unix(cron:session): session closed for user root
May 31 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28839]: pam_unix(cron:session): session closed for user root
May 31 14:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31662]: pam_unix(cron:session): session closed for user samftp
May 31 14:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31975]: Failed password for root from 202.133.90.219 port 57420 ssh2
May 31 14:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31975]: Connection closed by 202.133.90.219 port 57420 [preauth]
May 31 14:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30665]: pam_unix(cron:session): session closed for user root
May 31 14:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: Invalid user ubuntu from 80.94.92.186
May 31 14:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: input_userauth_request: invalid user ubuntu [preauth]
May 31 14:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32105]: Connection closed by 194.59.206.2 port 62190 [preauth]
May 31 14:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 14:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: Failed password for invalid user ubuntu from 80.94.92.186 port 48664 ssh2
May 31 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32112]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32111]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32109]: pam_unix(cron:session): session closed for user p13x
May 31 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32181]: Successful su for rubyman by root
May 31 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32181]: + ??? root:rubyman
May 31 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429817 of user rubyman.
May 31 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32181]: pam_unix(su:session): session closed for user rubyman
May 31 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429817.
May 31 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: Connection closed by 80.94.92.186 port 48664 [preauth]
May 31 14:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29249]: pam_unix(cron:session): session closed for user root
May 31 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32110]: pam_unix(cron:session): session closed for user samftp
May 31 14:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
May 31 14:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: Failed password for root from 147.45.211.215 port 43044 ssh2
May 31 14:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: Connection closed by 147.45.211.215 port 43044 [preauth]
May 31 14:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31156]: pam_unix(cron:session): session closed for user root
May 31 14:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32424]: Failed password for root from 202.133.90.219 port 46934 ssh2
May 31 14:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32424]: Connection closed by 202.133.90.219 port 46934 [preauth]
May 31 14:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32467]: Invalid user ubnt from 45.148.10.121
May 31 14:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32467]: input_userauth_request: invalid user ubnt [preauth]
May 31 14:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32467]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
May 31 14:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32467]: Failed password for invalid user ubnt from 45.148.10.121 port 42798 ssh2
May 31 14:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32467]: Connection closed by 45.148.10.121 port 42798 [preauth]
May 31 14:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.82.76.2  user=root
May 31 14:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Failed password for root from 170.82.76.2 port 7961 ssh2
May 31 14:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Connection closed by 170.82.76.2 port 7961 [preauth]
May 31 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32535]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32536]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32537]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32534]: pam_unix(cron:session): session closed for user p13x
May 31 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32593]: Successful su for rubyman by root
May 31 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32593]: + ??? root:rubyman
May 31 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429822 of user rubyman.
May 31 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32593]: pam_unix(su:session): session closed for user rubyman
May 31 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429822.
May 31 14:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29807]: pam_unix(cron:session): session closed for user root
May 31 14:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32535]: pam_unix(cron:session): session closed for user samftp
May 31 14:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.173.227.57  user=root
May 31 14:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: Failed password for root from 103.173.227.57 port 51016 ssh2
May 31 14:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: Connection closed by 103.173.227.57 port 51016 [preauth]
May 31 14:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31665]: pam_unix(cron:session): session closed for user root
May 31 14:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[438]: Failed password for root from 202.133.90.219 port 60780 ssh2
May 31 14:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[438]: Connection closed by 202.133.90.219 port 60780 [preauth]
May 31 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[618]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[619]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[616]: pam_unix(cron:session): session closed for user p13x
May 31 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[681]: Successful su for rubyman by root
May 31 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[681]: + ??? root:rubyman
May 31 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429825 of user rubyman.
May 31 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[681]: pam_unix(su:session): session closed for user rubyman
May 31 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429825.
May 31 14:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30248]: pam_unix(cron:session): session closed for user root
May 31 14:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
May 31 14:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[617]: pam_unix(cron:session): session closed for user samftp
May 31 14:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: Failed password for root from 103.77.242.62 port 44134 ssh2
May 31 14:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: Connection closed by 103.77.242.62 port 44134 [preauth]
May 31 14:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32112]: pam_unix(cron:session): session closed for user root
May 31 14:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.172.54.111  user=root
May 31 14:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1027]: Failed password for root from 109.172.54.111 port 55480 ssh2
May 31 14:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1027]: Connection closed by 109.172.54.111 port 55480 [preauth]
May 31 14:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1029]: Failed password for root from 202.133.90.219 port 32996 ssh2
May 31 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1055]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1054]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1052]: pam_unix(cron:session): session closed for user p13x
May 31 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1130]: Successful su for rubyman by root
May 31 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1130]: + ??? root:rubyman
May 31 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429830 of user rubyman.
May 31 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1130]: pam_unix(su:session): session closed for user rubyman
May 31 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429830.
May 31 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1029]: Connection closed by 202.133.90.219 port 32996 [preauth]
May 31 14:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30664]: pam_unix(cron:session): session closed for user root
May 31 14:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1053]: pam_unix(cron:session): session closed for user samftp
May 31 14:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
May 31 14:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: Failed password for root from 80.66.85.226 port 55596 ssh2
May 31 14:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: Connection closed by 80.66.85.226 port 55596 [preauth]
May 31 14:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32537]: pam_unix(cron:session): session closed for user root
May 31 14:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: Invalid user ubuntu from 80.94.92.186
May 31 14:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: input_userauth_request: invalid user ubuntu [preauth]
May 31 14:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 14:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: Failed password for invalid user ubuntu from 80.94.92.186 port 51330 ssh2
May 31 14:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: Connection closed by 80.94.92.186 port 51330 [preauth]
May 31 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1617]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1615]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1619]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1618]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1619]: pam_unix(cron:session): session closed for user root
May 31 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1613]: pam_unix(cron:session): session closed for user p13x
May 31 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1692]: Successful su for rubyman by root
May 31 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1692]: + ??? root:rubyman
May 31 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429837 of user rubyman.
May 31 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1692]: pam_unix(su:session): session closed for user rubyman
May 31 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429837.
May 31 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31155]: pam_unix(cron:session): session closed for user root
May 31 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1615]: pam_unix(cron:session): session closed for user root
May 31 14:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1614]: pam_unix(cron:session): session closed for user samftp
May 31 14:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1818]: Failed password for root from 202.133.90.219 port 34382 ssh2
May 31 14:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1818]: Connection closed by 202.133.90.219 port 34382 [preauth]
May 31 14:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
May 31 14:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2015]: Failed password for root from 94.159.110.201 port 52092 ssh2
May 31 14:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2015]: Connection closed by 94.159.110.201 port 52092 [preauth]
May 31 14:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[619]: pam_unix(cron:session): session closed for user root
May 31 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2126]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2128]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2123]: pam_unix(cron:session): session closed for user p13x
May 31 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2210]: Successful su for rubyman by root
May 31 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2210]: + ??? root:rubyman
May 31 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429839 of user rubyman.
May 31 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2210]: pam_unix(su:session): session closed for user rubyman
May 31 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429839.
May 31 14:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31664]: pam_unix(cron:session): session closed for user root
May 31 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2124]: pam_unix(cron:session): session closed for user samftp
May 31 14:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: Failed password for root from 202.133.90.219 port 45832 ssh2
May 31 14:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: Connection closed by 202.133.90.219 port 45832 [preauth]
May 31 14:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1055]: pam_unix(cron:session): session closed for user root
May 31 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2578]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2579]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2576]: pam_unix(cron:session): session closed for user p13x
May 31 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2642]: Successful su for rubyman by root
May 31 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2642]: + ??? root:rubyman
May 31 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429844 of user rubyman.
May 31 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2642]: pam_unix(su:session): session closed for user rubyman
May 31 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429844.
May 31 14:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32111]: pam_unix(cron:session): session closed for user root
May 31 14:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2577]: pam_unix(cron:session): session closed for user samftp
May 31 14:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: Failed password for root from 202.133.90.219 port 55348 ssh2
May 31 14:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: Connection closed by 202.133.90.219 port 55348 [preauth]
May 31 14:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1618]: pam_unix(cron:session): session closed for user root
May 31 14:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: Received disconnect from 158.69.227.40 port 40230:11: disconnected by user [preauth]
May 31 14:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: Disconnected from 158.69.227.40 port 40230 [preauth]
May 31 14:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: Received disconnect from 172.110.219.251 port 33116:11: disconnected by user [preauth]
May 31 14:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: Disconnected from 172.110.219.251 port 33116 [preauth]
May 31 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2984]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2985]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2982]: pam_unix(cron:session): session closed for user p13x
May 31 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3045]: Successful su for rubyman by root
May 31 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3045]: + ??? root:rubyman
May 31 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3045]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429847 of user rubyman.
May 31 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3045]: pam_unix(su:session): session closed for user rubyman
May 31 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429847.
May 31 14:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32536]: pam_unix(cron:session): session closed for user root
May 31 14:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2983]: pam_unix(cron:session): session closed for user samftp
May 31 14:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2128]: pam_unix(cron:session): session closed for user root
May 31 14:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Failed password for root from 202.133.90.219 port 49126 ssh2
May 31 14:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Connection closed by 202.133.90.219 port 49126 [preauth]
May 31 14:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: Invalid user ubuntu from 80.94.92.186
May 31 14:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: input_userauth_request: invalid user ubuntu [preauth]
May 31 14:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 14:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: Failed password for invalid user ubuntu from 80.94.92.186 port 53992 ssh2
May 31 14:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: Connection closed by 80.94.92.186 port 53992 [preauth]
May 31 14:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
May 31 14:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: Failed password for root from 62.133.62.83 port 41398 ssh2
May 31 14:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: Connection closed by 62.133.62.83 port 41398 [preauth]
May 31 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3388]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3389]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3384]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3386]: pam_unix(cron:session): session closed for user p13x
May 31 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3494]: Successful su for rubyman by root
May 31 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3494]: + ??? root:rubyman
May 31 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3494]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429852 of user rubyman.
May 31 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3494]: pam_unix(su:session): session closed for user rubyman
May 31 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429852.
May 31 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3384]: pam_unix(cron:session): session closed for user root
May 31 14:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[618]: pam_unix(cron:session): session closed for user root
May 31 14:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3387]: pam_unix(cron:session): session closed for user samftp
May 31 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2579]: pam_unix(cron:session): session closed for user root
May 31 14:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4009]: Failed password for root from 202.133.90.219 port 43430 ssh2
May 31 14:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4009]: Connection closed by 202.133.90.219 port 43430 [preauth]
May 31 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4071]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4069]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4068]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4070]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4071]: pam_unix(cron:session): session closed for user root
May 31 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4066]: pam_unix(cron:session): session closed for user p13x
May 31 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4130]: Successful su for rubyman by root
May 31 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4130]: + ??? root:rubyman
May 31 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429859 of user rubyman.
May 31 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4130]: pam_unix(su:session): session closed for user rubyman
May 31 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429859.
May 31 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1054]: pam_unix(cron:session): session closed for user root
May 31 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4068]: pam_unix(cron:session): session closed for user root
May 31 14:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4067]: pam_unix(cron:session): session closed for user samftp
May 31 14:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
May 31 14:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: Failed password for root from 103.82.132.16 port 48128 ssh2
May 31 14:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: Connection closed by 103.82.132.16 port 48128 [preauth]
May 31 14:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: Received disconnect from 23.94.104.251 port 56242:11: disconnected by user [preauth]
May 31 14:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: Disconnected from 23.94.104.251 port 56242 [preauth]
May 31 14:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2985]: pam_unix(cron:session): session closed for user root
May 31 14:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Failed password for root from 202.133.90.219 port 33892 ssh2
May 31 14:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Connection closed by 202.133.90.219 port 33892 [preauth]
May 31 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4502]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4501]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4499]: pam_unix(cron:session): session closed for user p13x
May 31 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4569]: Successful su for rubyman by root
May 31 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4569]: + ??? root:rubyman
May 31 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429862 of user rubyman.
May 31 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4569]: pam_unix(su:session): session closed for user rubyman
May 31 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429862.
May 31 14:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1617]: pam_unix(cron:session): session closed for user root
May 31 14:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4500]: pam_unix(cron:session): session closed for user samftp
May 31 14:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3389]: pam_unix(cron:session): session closed for user root
May 31 14:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May 31 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4923]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4924]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4921]: pam_unix(cron:session): session closed for user p13x
May 31 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4989]: Successful su for rubyman by root
May 31 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4989]: + ??? root:rubyman
May 31 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429867 of user rubyman.
May 31 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4989]: pam_unix(su:session): session closed for user rubyman
May 31 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429867.
May 31 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: Failed password for root from 80.94.95.115 port 57824 ssh2
May 31 14:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: Connection closed by 80.94.95.115 port 57824 [preauth]
May 31 14:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2126]: pam_unix(cron:session): session closed for user root
May 31 14:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4922]: pam_unix(cron:session): session closed for user samftp
May 31 14:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5132]: Failed password for root from 202.133.90.219 port 60576 ssh2
May 31 14:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5132]: Connection closed by 202.133.90.219 port 60576 [preauth]
May 31 14:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5197]: Invalid user ubuntu from 80.94.92.186
May 31 14:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5197]: input_userauth_request: invalid user ubuntu [preauth]
May 31 14:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5197]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 14:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5197]: Failed password for invalid user ubuntu from 80.94.92.186 port 56664 ssh2
May 31 14:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5197]: Connection closed by 80.94.92.186 port 56664 [preauth]
May 31 14:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4070]: pam_unix(cron:session): session closed for user root
May 31 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5318]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5317]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5315]: pam_unix(cron:session): session closed for user p13x
May 31 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5384]: Successful su for rubyman by root
May 31 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5384]: + ??? root:rubyman
May 31 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429870 of user rubyman.
May 31 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5384]: pam_unix(su:session): session closed for user rubyman
May 31 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429870.
May 31 14:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Invalid user paradiazine from 173.254.234.162
May 31 14:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: input_userauth_request: invalid user paradiazine [preauth]
May 31 14:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 14:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2578]: pam_unix(cron:session): session closed for user root
May 31 14:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5316]: pam_unix(cron:session): session closed for user samftp
May 31 14:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Failed password for invalid user paradiazine from 173.254.234.162 port 48658 ssh2
May 31 14:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Connection closed by 173.254.234.162 port 48658 [preauth]
May 31 14:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: Failed password for root from 202.133.90.219 port 39714 ssh2
May 31 14:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: Connection closed by 202.133.90.219 port 39714 [preauth]
May 31 14:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4502]: pam_unix(cron:session): session closed for user root
May 31 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5718]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5719]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5716]: pam_unix(cron:session): session closed for user p13x
May 31 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5775]: Successful su for rubyman by root
May 31 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5775]: + ??? root:rubyman
May 31 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429874 of user rubyman.
May 31 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5775]: pam_unix(su:session): session closed for user rubyman
May 31 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429874.
May 31 14:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2984]: pam_unix(cron:session): session closed for user root
May 31 14:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5717]: pam_unix(cron:session): session closed for user samftp
May 31 14:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4924]: pam_unix(cron:session): session closed for user root
May 31 14:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6008]: Failed password for root from 202.133.90.219 port 45686 ssh2
May 31 14:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6008]: Connection closed by 202.133.90.219 port 45686 [preauth]
May 31 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6094]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6095]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6092]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6093]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6096]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6097]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6097]: pam_unix(cron:session): session closed for user root
May 31 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6092]: pam_unix(cron:session): session closed for user p13x
May 31 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6160]: Successful su for rubyman by root
May 31 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6160]: + ??? root:rubyman
May 31 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6160]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429880 of user rubyman.
May 31 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6160]: pam_unix(su:session): session closed for user rubyman
May 31 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429880.
May 31 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6094]: pam_unix(cron:session): session closed for user root
May 31 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3388]: pam_unix(cron:session): session closed for user root
May 31 14:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6093]: pam_unix(cron:session): session closed for user samftp
May 31 14:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5318]: pam_unix(cron:session): session closed for user root
May 31 14:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6461]: Failed password for root from 202.133.90.219 port 41170 ssh2
May 31 14:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6461]: Connection closed by 202.133.90.219 port 41170 [preauth]
May 31 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6516]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6514]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6515]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6512]: pam_unix(cron:session): session closed for user p13x
May 31 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6515]: pam_unix(cron:session): session closed for user root
May 31 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6586]: Successful su for rubyman by root
May 31 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6586]: + ??? root:rubyman
May 31 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429884 of user rubyman.
May 31 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6586]: pam_unix(su:session): session closed for user rubyman
May 31 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429884.
May 31 14:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4069]: pam_unix(cron:session): session closed for user root
May 31 14:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6513]: pam_unix(cron:session): session closed for user samftp
May 31 14:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: Invalid user jupyter from 80.94.92.186
May 31 14:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: input_userauth_request: invalid user jupyter [preauth]
May 31 14:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 14:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: Failed password for invalid user jupyter from 80.94.92.186 port 59368 ssh2
May 31 14:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: Connection closed by 80.94.92.186 port 59368 [preauth]
May 31 14:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 14:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6820]: Failed password for root from 38.93.206.2 port 46748 ssh2
May 31 14:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6820]: Connection closed by 38.93.206.2 port 46748 [preauth]
May 31 14:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5719]: pam_unix(cron:session): session closed for user root
May 31 14:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: Failed password for root from 202.133.90.219 port 33034 ssh2
May 31 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6949]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6951]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6947]: pam_unix(cron:session): session closed for user p13x
May 31 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7036]: Successful su for rubyman by root
May 31 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7036]: + ??? root:rubyman
May 31 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429889 of user rubyman.
May 31 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7036]: pam_unix(su:session): session closed for user rubyman
May 31 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429889.
May 31 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: Connection closed by 202.133.90.219 port 33034 [preauth]
May 31 14:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4501]: pam_unix(cron:session): session closed for user root
May 31 14:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6948]: pam_unix(cron:session): session closed for user samftp
May 31 14:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6096]: pam_unix(cron:session): session closed for user root
May 31 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7430]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7429]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7425]: pam_unix(cron:session): session closed for user p13x
May 31 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7484]: Successful su for rubyman by root
May 31 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7484]: + ??? root:rubyman
May 31 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7484]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429893 of user rubyman.
May 31 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7484]: pam_unix(su:session): session closed for user rubyman
May 31 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429893.
May 31 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4923]: pam_unix(cron:session): session closed for user root
May 31 14:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7427]: pam_unix(cron:session): session closed for user samftp
May 31 14:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: Failed password for root from 202.133.90.219 port 50184 ssh2
May 31 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: Connection closed by 202.133.90.219 port 50184 [preauth]
May 31 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6516]: pam_unix(cron:session): session closed for user root
May 31 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7920]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7919]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7917]: pam_unix(cron:session): session closed for user p13x
May 31 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7975]: Successful su for rubyman by root
May 31 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7975]: + ??? root:rubyman
May 31 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429897 of user rubyman.
May 31 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7975]: pam_unix(su:session): session closed for user rubyman
May 31 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429897.
May 31 14:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5317]: pam_unix(cron:session): session closed for user root
May 31 14:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7918]: pam_unix(cron:session): session closed for user samftp
May 31 14:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: Failed password for root from 202.133.90.219 port 33084 ssh2
May 31 14:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: Connection closed by 202.133.90.219 port 33084 [preauth]
May 31 14:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6951]: pam_unix(cron:session): session closed for user root
May 31 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: Invalid user admin from 125.20.210.182
May 31 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: input_userauth_request: invalid user admin [preauth]
May 31 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182
May 31 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: Failed password for invalid user admin from 125.20.210.182 port 37214 ssh2
May 31 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: Connection closed by 125.20.210.182 port 37214 [preauth]
May 31 14:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: Invalid user grafana from 80.94.92.186
May 31 14:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: input_userauth_request: invalid user grafana [preauth]
May 31 14:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: Failed password for invalid user grafana from 80.94.92.186 port 33798 ssh2
May 31 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: Connection closed by 80.94.92.186 port 33798 [preauth]
May 31 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8310]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8308]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8307]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8309]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8310]: pam_unix(cron:session): session closed for user root
May 31 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8305]: pam_unix(cron:session): session closed for user p13x
May 31 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8373]: Successful su for rubyman by root
May 31 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8373]: + ??? root:rubyman
May 31 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429904 of user rubyman.
May 31 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8373]: pam_unix(su:session): session closed for user rubyman
May 31 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429904.
May 31 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8307]: pam_unix(cron:session): session closed for user root
May 31 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5718]: pam_unix(cron:session): session closed for user root
May 31 14:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8306]: pam_unix(cron:session): session closed for user samftp
May 31 14:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
May 31 14:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8586]: Failed password for root from 103.27.238.114 port 35984 ssh2
May 31 14:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8586]: Connection closed by 103.27.238.114 port 35984 [preauth]
May 31 14:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7430]: pam_unix(cron:session): session closed for user root
May 31 14:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.63.178  user=root
May 31 14:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: Failed password for root from 202.133.90.219 port 38066 ssh2
May 31 14:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: Connection closed by 202.133.90.219 port 38066 [preauth]
May 31 14:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: Failed password for root from 62.133.63.178 port 45014 ssh2
May 31 14:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: Connection closed by 62.133.63.178 port 45014 [preauth]
May 31 14:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
May 31 14:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8694]: Failed password for root from 193.37.70.224 port 47616 ssh2
May 31 14:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8694]: Connection closed by 193.37.70.224 port 47616 [preauth]
May 31 14:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
May 31 14:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: Failed password for root from 103.149.28.157 port 53190 ssh2
May 31 14:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: Connection closed by 103.149.28.157 port 53190 [preauth]
May 31 14:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: Invalid user user from 2.57.121.25
May 31 14:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: input_userauth_request: invalid user user [preauth]
May 31 14:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 14:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: Failed password for invalid user user from 2.57.121.25 port 52860 ssh2
May 31 14:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: Failed password for invalid user user from 2.57.121.25 port 52860 ssh2
May 31 14:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: Failed password for invalid user user from 2.57.121.25 port 52860 ssh2
May 31 14:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8743]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8744]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8741]: pam_unix(cron:session): session closed for user p13x
May 31 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: Failed password for invalid user user from 2.57.121.25 port 52860 ssh2
May 31 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8809]: Successful su for rubyman by root
May 31 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8809]: + ??? root:rubyman
May 31 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429908 of user rubyman.
May 31 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8809]: pam_unix(su:session): session closed for user rubyman
May 31 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429908.
May 31 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: Failed password for invalid user user from 2.57.121.25 port 52860 ssh2
May 31 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: Received disconnect from 2.57.121.25 port 52860:11: Bye [preauth]
May 31 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: Disconnected from 2.57.121.25 port 52860 [preauth]
May 31 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 14:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6095]: pam_unix(cron:session): session closed for user root
May 31 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8742]: pam_unix(cron:session): session closed for user samftp
May 31 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7920]: pam_unix(cron:session): session closed for user root
May 31 14:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9123]: Failed password for root from 202.133.90.219 port 40662 ssh2
May 31 14:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9123]: Connection closed by 202.133.90.219 port 40662 [preauth]
May 31 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9155]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9154]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9152]: pam_unix(cron:session): session closed for user p13x
May 31 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9214]: Successful su for rubyman by root
May 31 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9214]: + ??? root:rubyman
May 31 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429911 of user rubyman.
May 31 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9214]: pam_unix(su:session): session closed for user rubyman
May 31 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429911.
May 31 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6514]: pam_unix(cron:session): session closed for user root
May 31 14:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9153]: pam_unix(cron:session): session closed for user samftp
May 31 14:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8309]: pam_unix(cron:session): session closed for user root
May 31 14:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9537]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9538]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9535]: pam_unix(cron:session): session closed for user p13x
May 31 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9598]: Successful su for rubyman by root
May 31 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9598]: + ??? root:rubyman
May 31 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9598]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429916 of user rubyman.
May 31 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9598]: pam_unix(su:session): session closed for user rubyman
May 31 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429916.
May 31 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Failed password for root from 202.133.90.219 port 33464 ssh2
May 31 14:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Connection closed by 202.133.90.219 port 33464 [preauth]
May 31 14:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6949]: pam_unix(cron:session): session closed for user root
May 31 14:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9536]: pam_unix(cron:session): session closed for user samftp
May 31 14:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: Invalid user admin from 2.57.121.112
May 31 14:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: input_userauth_request: invalid user admin [preauth]
May 31 14:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 14:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: Failed password for invalid user admin from 2.57.121.112 port 31712 ssh2
May 31 14:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: Failed password for invalid user admin from 2.57.121.112 port 31712 ssh2
May 31 14:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: Failed password for invalid user admin from 2.57.121.112 port 31712 ssh2
May 31 14:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: Failed password for invalid user admin from 2.57.121.112 port 31712 ssh2
May 31 14:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: Failed password for invalid user admin from 2.57.121.112 port 31712 ssh2
May 31 14:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: Received disconnect from 2.57.121.112 port 31712:11: Bye [preauth]
May 31 14:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: Disconnected from 2.57.121.112 port 31712 [preauth]
May 31 14:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 14:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 14:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8744]: pam_unix(cron:session): session closed for user root
May 31 14:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May 31 14:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: Invalid user mapr from 80.94.92.186
May 31 14:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: input_userauth_request: invalid user mapr [preauth]
May 31 14:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: Failed password for root from 80.94.95.115 port 26244 ssh2
May 31 14:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: Connection closed by 80.94.95.115 port 26244 [preauth]
May 31 14:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 14:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: Failed password for invalid user mapr from 80.94.92.186 port 36484 ssh2
May 31 14:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: Connection closed by 80.94.92.186 port 36484 [preauth]
May 31 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10121]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10120]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10118]: pam_unix(cron:session): session closed for user p13x
May 31 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10179]: Successful su for rubyman by root
May 31 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10179]: + ??? root:rubyman
May 31 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429919 of user rubyman.
May 31 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10179]: pam_unix(su:session): session closed for user rubyman
May 31 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429919.
May 31 14:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7429]: pam_unix(cron:session): session closed for user root
May 31 14:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10119]: pam_unix(cron:session): session closed for user samftp
May 31 14:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10457]: Failed password for root from 202.133.90.219 port 49230 ssh2
May 31 14:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10457]: Connection closed by 202.133.90.219 port 49230 [preauth]
May 31 14:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9155]: pam_unix(cron:session): session closed for user root
May 31 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10633]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10629]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10632]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10631]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10633]: pam_unix(cron:session): session closed for user root
May 31 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10625]: pam_unix(cron:session): session closed for user p13x
May 31 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10702]: Successful su for rubyman by root
May 31 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10702]: + ??? root:rubyman
May 31 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429925 of user rubyman.
May 31 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10702]: pam_unix(su:session): session closed for user rubyman
May 31 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429925.
May 31 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10629]: pam_unix(cron:session): session closed for user root
May 31 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7919]: pam_unix(cron:session): session closed for user root
May 31 14:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10628]: pam_unix(cron:session): session closed for user samftp
May 31 14:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
May 31 14:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
May 31 14:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: Failed password for root from 103.27.238.116 port 34098 ssh2
May 31 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Failed password for root from 103.27.238.120 port 35898 ssh2
May 31 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: Connection closed by 103.27.238.116 port 34098 [preauth]
May 31 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Connection closed by 103.27.238.120 port 35898 [preauth]
May 31 14:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10969]: Failed password for root from 202.133.90.219 port 46648 ssh2
May 31 14:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10969]: Connection closed by 202.133.90.219 port 46648 [preauth]
May 31 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9538]: pam_unix(cron:session): session closed for user root
May 31 14:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: Invalid user vince from 173.254.234.162
May 31 14:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: input_userauth_request: invalid user vince [preauth]
May 31 14:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 14:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: Failed password for invalid user vince from 173.254.234.162 port 47018 ssh2
May 31 14:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: Connection closed by 173.254.234.162 port 47018 [preauth]
May 31 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11089]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11088]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11086]: pam_unix(cron:session): session closed for user p13x
May 31 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11158]: Successful su for rubyman by root
May 31 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11158]: + ??? root:rubyman
May 31 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429931 of user rubyman.
May 31 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11158]: pam_unix(su:session): session closed for user rubyman
May 31 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429931.
May 31 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8308]: pam_unix(cron:session): session closed for user root
May 31 14:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11087]: pam_unix(cron:session): session closed for user samftp
May 31 14:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11182]: Invalid user orangepi from 125.20.210.182
May 31 14:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11182]: input_userauth_request: invalid user orangepi [preauth]
May 31 14:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11182]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182
May 31 14:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11182]: Failed password for invalid user orangepi from 125.20.210.182 port 56064 ssh2
May 31 14:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11182]: Connection closed by 125.20.210.182 port 56064 [preauth]
May 31 14:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10121]: pam_unix(cron:session): session closed for user root
May 31 14:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: Failed password for root from 202.133.90.219 port 38112 ssh2
May 31 14:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: Connection closed by 202.133.90.219 port 38112 [preauth]
May 31 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11527]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11528]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11525]: pam_unix(cron:session): session closed for user p13x
May 31 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11584]: Successful su for rubyman by root
May 31 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11584]: + ??? root:rubyman
May 31 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11584]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429933 of user rubyman.
May 31 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11584]: pam_unix(su:session): session closed for user rubyman
May 31 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429933.
May 31 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8743]: pam_unix(cron:session): session closed for user root
May 31 14:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11526]: pam_unix(cron:session): session closed for user samftp
May 31 14:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Invalid user admin from 107.155.48.46
May 31 14:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: input_userauth_request: invalid user admin [preauth]
May 31 14:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.155.48.46
May 31 14:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11858]: Invalid user mapr from 80.94.92.186
May 31 14:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11858]: input_userauth_request: invalid user mapr [preauth]
May 31 14:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11858]: pam_unix(sshd:auth): check pass; user unknown
May 31 14:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 14:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10632]: pam_unix(cron:session): session closed for user root
May 31 14:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Failed password for invalid user admin from 107.155.48.46 port 55382 ssh2
May 31 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Connection closed by 107.155.48.46 port 55382 [preauth]
May 31 14:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11858]: Failed password for invalid user mapr from 80.94.92.186 port 39158 ssh2
May 31 14:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11858]: Connection closed by 80.94.92.186 port 39158 [preauth]
May 31 14:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: Failed password for root from 202.133.90.219 port 48336 ssh2
May 31 14:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: Connection closed by 202.133.90.219 port 48336 [preauth]
May 31 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11986]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11987]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11985]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11984]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11984]: pam_unix(cron:session): session closed for user p13x
May 31 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12043]: Successful su for rubyman by root
May 31 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12043]: + ??? root:rubyman
May 31 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429938 of user rubyman.
May 31 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12043]: pam_unix(su:session): session closed for user rubyman
May 31 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429938.
May 31 14:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9154]: pam_unix(cron:session): session closed for user root
May 31 14:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11985]: pam_unix(cron:session): session closed for user samftp
May 31 14:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11089]: pam_unix(cron:session): session closed for user root
May 31 14:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 14:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: Failed password for root from 202.133.90.219 port 60828 ssh2
May 31 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: Connection closed by 202.133.90.219 port 60828 [preauth]
May 31 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12512]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12511]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12509]: pam_unix(cron:session): session closed for user p13x
May 31 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12567]: Successful su for rubyman by root
May 31 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12567]: + ??? root:rubyman
May 31 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12567]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429941 of user rubyman.
May 31 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12567]: pam_unix(su:session): session closed for user rubyman
May 31 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429941.
May 31 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9537]: pam_unix(cron:session): session closed for user root
May 31 14:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12510]: pam_unix(cron:session): session closed for user samftp
May 31 14:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11528]: pam_unix(cron:session): session closed for user root
May 31 14:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 14:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: Connection reset by 69.5.169.72 port 10120 [preauth]
May 31 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12927]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12923]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12925]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12924]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12926]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12927]: pam_unix(cron:session): session closed for user root
May 31 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12923]: pam_unix(cron:session): session closed for user root
May 31 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12921]: pam_unix(cron:session): session closed for user p13x
May 31 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13010]: Successful su for rubyman by root
May 31 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13010]: + ??? root:rubyman
May 31 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429946 of user rubyman.
May 31 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13010]: pam_unix(su:session): session closed for user rubyman
May 31 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429946.
May 31 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12924]: pam_unix(cron:session): session closed for user root
May 31 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10120]: pam_unix(cron:session): session closed for user root
May 31 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12922]: pam_unix(cron:session): session closed for user samftp
May 31 15:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 15:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
May 31 15:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13233]: Failed password for root from 202.133.90.219 port 54590 ssh2
May 31 15:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13233]: Connection closed by 202.133.90.219 port 54590 [preauth]
May 31 15:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: Failed password for root from 103.153.68.219 port 59826 ssh2
May 31 15:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: Connection closed by 103.153.68.219 port 59826 [preauth]
May 31 15:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13285]: Invalid user hila from 173.254.234.162
May 31 15:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13285]: input_userauth_request: invalid user hila [preauth]
May 31 15:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13285]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 15:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13285]: Failed password for invalid user hila from 173.254.234.162 port 32964 ssh2
May 31 15:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13285]: Connection closed by 173.254.234.162 port 32964 [preauth]
May 31 15:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11987]: pam_unix(cron:session): session closed for user root
May 31 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13430]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13429]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13428]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13427]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13427]: pam_unix(cron:session): session closed for user p13x
May 31 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13491]: Successful su for rubyman by root
May 31 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13491]: + ??? root:rubyman
May 31 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429952 of user rubyman.
May 31 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13491]: pam_unix(su:session): session closed for user rubyman
May 31 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429952.
May 31 15:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10631]: pam_unix(cron:session): session closed for user root
May 31 15:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13428]: pam_unix(cron:session): session closed for user samftp
May 31 15:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 15:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13700]: Invalid user latitude from 80.94.92.186
May 31 15:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13700]: input_userauth_request: invalid user latitude [preauth]
May 31 15:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13700]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 15:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13674]: Failed password for root from 202.133.90.219 port 49042 ssh2
May 31 15:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13674]: Connection closed by 202.133.90.219 port 49042 [preauth]
May 31 15:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13700]: Failed password for invalid user latitude from 80.94.92.186 port 41838 ssh2
May 31 15:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13700]: Connection closed by 80.94.92.186 port 41838 [preauth]
May 31 15:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
May 31 15:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12512]: pam_unix(cron:session): session closed for user root
May 31 15:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13747]: Failed password for root from 77.94.47.83 port 46252 ssh2
May 31 15:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13747]: Connection closed by 77.94.47.83 port 46252 [preauth]
May 31 15:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.197.250  user=root
May 31 15:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13810]: Failed password for root from 147.45.197.250 port 35616 ssh2
May 31 15:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13810]: Connection closed by 147.45.197.250 port 35616 [preauth]
May 31 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13840]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13841]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13838]: pam_unix(cron:session): session closed for user p13x
May 31 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13896]: Successful su for rubyman by root
May 31 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13896]: + ??? root:rubyman
May 31 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429958 of user rubyman.
May 31 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13896]: pam_unix(su:session): session closed for user rubyman
May 31 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429958.
May 31 15:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11088]: pam_unix(cron:session): session closed for user root
May 31 15:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13839]: pam_unix(cron:session): session closed for user samftp
May 31 15:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
May 31 15:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14081]: Failed password for root from 176.32.39.21 port 55480 ssh2
May 31 15:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14081]: Connection closed by 176.32.39.21 port 55480 [preauth]
May 31 15:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 15:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14120]: Failed password for root from 202.133.90.219 port 44480 ssh2
May 31 15:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14120]: Connection closed by 202.133.90.219 port 44480 [preauth]
May 31 15:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12926]: pam_unix(cron:session): session closed for user root
May 31 15:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
May 31 15:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14179]: Failed password for root from 109.237.96.109 port 34196 ssh2
May 31 15:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14179]: Connection closed by 109.237.96.109 port 34196 [preauth]
May 31 15:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14218]: Connection reset by 92.118.39.236 port 13894 [preauth]
May 31 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14231]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14232]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14229]: pam_unix(cron:session): session closed for user p13x
May 31 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14288]: Successful su for rubyman by root
May 31 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14288]: + ??? root:rubyman
May 31 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429960 of user rubyman.
May 31 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14288]: pam_unix(su:session): session closed for user rubyman
May 31 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429960.
May 31 15:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11527]: pam_unix(cron:session): session closed for user root
May 31 15:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14230]: pam_unix(cron:session): session closed for user samftp
May 31 15:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13430]: pam_unix(cron:session): session closed for user root
May 31 15:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 15:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 15:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14564]: Failed password for root from 202.133.90.219 port 35160 ssh2
May 31 15:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14564]: Connection closed by 202.133.90.219 port 35160 [preauth]
May 31 15:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: Failed password for root from 125.20.210.182 port 46996 ssh2
May 31 15:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: Connection closed by 125.20.210.182 port 46996 [preauth]
May 31 15:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: Connection closed by 45.148.10.121 port 56154 [preauth]
May 31 15:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
May 31 15:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: Failed password for root from 185.156.73.233 port 45366 ssh2
May 31 15:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: Connection closed by 185.156.73.233 port 45366 [preauth]
May 31 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14643]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14638]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14634]: pam_unix(cron:session): session closed for user p13x
May 31 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14745]: Successful su for rubyman by root
May 31 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14745]: + ??? root:rubyman
May 31 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429964 of user rubyman.
May 31 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14745]: pam_unix(su:session): session closed for user rubyman
May 31 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429964.
May 31 15:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11986]: pam_unix(cron:session): session closed for user root
May 31 15:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14635]: pam_unix(cron:session): session closed for user samftp
May 31 15:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13841]: pam_unix(cron:session): session closed for user root
May 31 15:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: Invalid user latitude from 80.94.92.186
May 31 15:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: input_userauth_request: invalid user latitude [preauth]
May 31 15:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 15:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 15:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: Failed password for invalid user latitude from 80.94.92.186 port 44502 ssh2
May 31 15:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: Connection closed by 80.94.92.186 port 44502 [preauth]
May 31 15:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15089]: Failed password for root from 202.133.90.219 port 59202 ssh2
May 31 15:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15089]: Connection closed by 202.133.90.219 port 59202 [preauth]
May 31 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15114]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15115]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15117]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15116]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15113]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15117]: pam_unix(cron:session): session closed for user root
May 31 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15112]: pam_unix(cron:session): session closed for user p13x
May 31 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15183]: Successful su for rubyman by root
May 31 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15183]: + ??? root:rubyman
May 31 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429971 of user rubyman.
May 31 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15183]: pam_unix(su:session): session closed for user rubyman
May 31 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429971.
May 31 15:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15114]: pam_unix(cron:session): session closed for user root
May 31 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12511]: pam_unix(cron:session): session closed for user root
May 31 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15113]: pam_unix(cron:session): session closed for user samftp
May 31 15:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14232]: pam_unix(cron:session): session closed for user root
May 31 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15530]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15531]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15528]: pam_unix(cron:session): session closed for user p13x
May 31 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15595]: Successful su for rubyman by root
May 31 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15595]: + ??? root:rubyman
May 31 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429975 of user rubyman.
May 31 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15595]: pam_unix(su:session): session closed for user rubyman
May 31 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429975.
May 31 15:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12925]: pam_unix(cron:session): session closed for user root
May 31 15:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15529]: pam_unix(cron:session): session closed for user samftp
May 31 15:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 15:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15703]: Failed password for root from 202.133.90.219 port 48738 ssh2
May 31 15:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15703]: Connection closed by 202.133.90.219 port 48738 [preauth]
May 31 15:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14643]: pam_unix(cron:session): session closed for user root
May 31 15:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
May 31 15:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15901]: Failed password for root from 147.45.199.80 port 50586 ssh2
May 31 15:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15901]: Connection closed by 147.45.199.80 port 50586 [preauth]
May 31 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15930]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15931]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15928]: pam_unix(cron:session): session closed for user p13x
May 31 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15986]: Successful su for rubyman by root
May 31 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15986]: + ??? root:rubyman
May 31 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429978 of user rubyman.
May 31 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15986]: pam_unix(su:session): session closed for user rubyman
May 31 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429978.
May 31 15:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13429]: pam_unix(cron:session): session closed for user root
May 31 15:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15929]: pam_unix(cron:session): session closed for user samftp
May 31 15:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
May 31 15:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Failed password for root from 103.82.20.28 port 42442 ssh2
May 31 15:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Connection closed by 103.82.20.28 port 42442 [preauth]
May 31 15:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 15:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16190]: Failed password for root from 202.133.90.219 port 52706 ssh2
May 31 15:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16190]: Connection closed by 202.133.90.219 port 52706 [preauth]
May 31 15:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15116]: pam_unix(cron:session): session closed for user root
May 31 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16314]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16313]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16311]: pam_unix(cron:session): session closed for user p13x
May 31 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16370]: Successful su for rubyman by root
May 31 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16370]: + ??? root:rubyman
May 31 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429982 of user rubyman.
May 31 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16370]: pam_unix(su:session): session closed for user rubyman
May 31 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429982.
May 31 15:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13840]: pam_unix(cron:session): session closed for user root
May 31 15:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16312]: pam_unix(cron:session): session closed for user samftp
May 31 15:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16592]: Invalid user lighthouse from 80.94.92.186
May 31 15:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16592]: input_userauth_request: invalid user lighthouse [preauth]
May 31 15:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16592]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 15:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16592]: Failed password for invalid user lighthouse from 80.94.92.186 port 47190 ssh2
May 31 15:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16592]: Connection closed by 80.94.92.186 port 47190 [preauth]
May 31 15:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 15:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: Failed password for root from 202.133.90.219 port 38258 ssh2
May 31 15:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: Connection closed by 202.133.90.219 port 38258 [preauth]
May 31 15:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15531]: pam_unix(cron:session): session closed for user root
May 31 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16712]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16713]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16708]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16710]: pam_unix(cron:session): session closed for user p13x
May 31 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16814]: Successful su for rubyman by root
May 31 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16814]: + ??? root:rubyman
May 31 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429988 of user rubyman.
May 31 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16814]: pam_unix(su:session): session closed for user rubyman
May 31 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429988.
May 31 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16708]: pam_unix(cron:session): session closed for user root
May 31 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14231]: pam_unix(cron:session): session closed for user root
May 31 15:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16711]: pam_unix(cron:session): session closed for user samftp
May 31 15:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15931]: pam_unix(cron:session): session closed for user root
May 31 15:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 15:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17123]: Failed password for root from 202.133.90.219 port 42296 ssh2
May 31 15:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17123]: Connection closed by 202.133.90.219 port 42296 [preauth]
May 31 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17183]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17184]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17181]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17182]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17184]: pam_unix(cron:session): session closed for user root
May 31 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17179]: pam_unix(cron:session): session closed for user p13x
May 31 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17243]: Successful su for rubyman by root
May 31 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17243]: + ??? root:rubyman
May 31 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17243]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429991 of user rubyman.
May 31 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17243]: pam_unix(su:session): session closed for user rubyman
May 31 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429991.
May 31 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17181]: pam_unix(cron:session): session closed for user root
May 31 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14638]: pam_unix(cron:session): session closed for user root
May 31 15:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17180]: pam_unix(cron:session): session closed for user samftp
May 31 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16314]: pam_unix(cron:session): session closed for user root
May 31 15:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 15:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: Failed password for root from 125.20.210.182 port 57908 ssh2
May 31 15:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17583]: Invalid user openproject from 202.133.90.219
May 31 15:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17583]: input_userauth_request: invalid user openproject [preauth]
May 31 15:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17583]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: Connection closed by 125.20.210.182 port 57908 [preauth]
May 31 15:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17583]: Failed password for invalid user openproject from 202.133.90.219 port 46972 ssh2
May 31 15:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17583]: Connection closed by 202.133.90.219 port 46972 [preauth]
May 31 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17605]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17604]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17602]: pam_unix(cron:session): session closed for user p13x
May 31 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17751]: Successful su for rubyman by root
May 31 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17751]: + ??? root:rubyman
May 31 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17751]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 429997 of user rubyman.
May 31 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17751]: pam_unix(su:session): session closed for user rubyman
May 31 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 429997.
May 31 15:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15115]: pam_unix(cron:session): session closed for user root
May 31 15:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17603]: pam_unix(cron:session): session closed for user samftp
May 31 15:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16713]: pam_unix(cron:session): session closed for user root
May 31 15:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.98.239  user=root
May 31 15:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18051]: Failed password for root from 94.159.98.239 port 60416 ssh2
May 31 15:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18051]: Connection closed by 94.159.98.239 port 60416 [preauth]
May 31 15:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: Invalid user odroid from 202.133.90.219
May 31 15:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: input_userauth_request: invalid user odroid [preauth]
May 31 15:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18102]: Invalid user lighthouse from 80.94.92.186
May 31 15:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18102]: input_userauth_request: invalid user lighthouse [preauth]
May 31 15:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18102]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 15:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: Failed password for invalid user odroid from 202.133.90.219 port 50236 ssh2
May 31 15:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: Connection closed by 202.133.90.219 port 50236 [preauth]
May 31 15:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18102]: Failed password for invalid user lighthouse from 80.94.92.186 port 49846 ssh2
May 31 15:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18102]: Connection closed by 80.94.92.186 port 49846 [preauth]
May 31 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18117]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18115]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18113]: pam_unix(cron:session): session closed for user p13x
May 31 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18179]: Successful su for rubyman by root
May 31 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18179]: + ??? root:rubyman
May 31 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430002 of user rubyman.
May 31 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18179]: pam_unix(su:session): session closed for user rubyman
May 31 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430002.
May 31 15:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15530]: pam_unix(cron:session): session closed for user root
May 31 15:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18114]: pam_unix(cron:session): session closed for user samftp
May 31 15:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17183]: pam_unix(cron:session): session closed for user root
May 31 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18606]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18607]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18604]: pam_unix(cron:session): session closed for user p13x
May 31 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18668]: Successful su for rubyman by root
May 31 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18668]: + ??? root:rubyman
May 31 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430006 of user rubyman.
May 31 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18668]: pam_unix(su:session): session closed for user rubyman
May 31 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430006.
May 31 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15930]: pam_unix(cron:session): session closed for user root
May 31 15:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18605]: pam_unix(cron:session): session closed for user samftp
May 31 15:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: Invalid user netscreen from 202.133.90.219
May 31 15:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: input_userauth_request: invalid user netscreen [preauth]
May 31 15:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: Failed password for invalid user netscreen from 202.133.90.219 port 50570 ssh2
May 31 15:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: Connection closed by 202.133.90.219 port 50570 [preauth]
May 31 15:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17605]: pam_unix(cron:session): session closed for user root
May 31 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19031]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19032]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19029]: pam_unix(cron:session): session closed for user p13x
May 31 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19088]: Successful su for rubyman by root
May 31 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19088]: + ??? root:rubyman
May 31 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430009 of user rubyman.
May 31 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19088]: pam_unix(su:session): session closed for user rubyman
May 31 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430009.
May 31 15:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16313]: pam_unix(cron:session): session closed for user root
May 31 15:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19030]: pam_unix(cron:session): session closed for user samftp
May 31 15:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19379]: User mysql from 202.133.90.219 not allowed because not listed in AllowUsers
May 31 15:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19379]: input_userauth_request: invalid user mysql [preauth]
May 31 15:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=mysql
May 31 15:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19379]: Failed password for invalid user mysql from 202.133.90.219 port 49904 ssh2
May 31 15:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19379]: Connection closed by 202.133.90.219 port 49904 [preauth]
May 31 15:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18117]: pam_unix(cron:session): session closed for user root
May 31 15:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19477]: Invalid user prueba from 185.156.73.233
May 31 15:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19477]: input_userauth_request: invalid user prueba [preauth]
May 31 15:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19477]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 15:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19477]: Failed password for invalid user prueba from 185.156.73.233 port 36750 ssh2
May 31 15:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19477]: Connection closed by 185.156.73.233 port 36750 [preauth]
May 31 15:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: Invalid user guest from 193.24.211.100
May 31 15:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: input_userauth_request: invalid user guest [preauth]
May 31 15:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.100
May 31 15:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: Failed password for invalid user guest from 193.24.211.100 port 11856 ssh2
May 31 15:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: Received disconnect from 193.24.211.100 port 11856:11: Client disconnecting normally [preauth]
May 31 15:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: Disconnected from 193.24.211.100 port 11856 [preauth]
May 31 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19722]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19725]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19724]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19723]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19725]: pam_unix(cron:session): session closed for user root
May 31 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19720]: pam_unix(cron:session): session closed for user p13x
May 31 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19793]: Successful su for rubyman by root
May 31 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19793]: + ??? root:rubyman
May 31 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430016 of user rubyman.
May 31 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19793]: pam_unix(su:session): session closed for user rubyman
May 31 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430016.
May 31 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19722]: pam_unix(cron:session): session closed for user root
May 31 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16712]: pam_unix(cron:session): session closed for user root
May 31 15:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19721]: pam_unix(cron:session): session closed for user samftp
May 31 15:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: Invalid user minecraft from 202.133.90.219
May 31 15:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: input_userauth_request: invalid user minecraft [preauth]
May 31 15:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: Failed password for invalid user minecraft from 202.133.90.219 port 37848 ssh2
May 31 15:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: Connection closed by 202.133.90.219 port 37848 [preauth]
May 31 15:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20072]: Invalid user lighthouse from 80.94.92.186
May 31 15:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20072]: input_userauth_request: invalid user lighthouse [preauth]
May 31 15:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20072]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 15:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20072]: Failed password for invalid user lighthouse from 80.94.92.186 port 52578 ssh2
May 31 15:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18607]: pam_unix(cron:session): session closed for user root
May 31 15:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20072]: Connection closed by 80.94.92.186 port 52578 [preauth]
May 31 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20254]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20251]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20252]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20253]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20251]: pam_unix(cron:session): session closed for user p13x
May 31 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20324]: Successful su for rubyman by root
May 31 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20324]: + ??? root:rubyman
May 31 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430019 of user rubyman.
May 31 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20324]: pam_unix(su:session): session closed for user rubyman
May 31 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430019.
May 31 15:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17182]: pam_unix(cron:session): session closed for user root
May 31 15:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20252]: pam_unix(cron:session): session closed for user samftp
May 31 15:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
May 31 15:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: Failed password for root from 103.176.20.57 port 33952 ssh2
May 31 15:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: Connection closed by 103.176.20.57 port 33952 [preauth]
May 31 15:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19032]: pam_unix(cron:session): session closed for user root
May 31 15:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20589]: Invalid user mc from 202.133.90.219
May 31 15:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20589]: input_userauth_request: invalid user mc [preauth]
May 31 15:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20589]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20589]: Failed password for invalid user mc from 202.133.90.219 port 33372 ssh2
May 31 15:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20589]: Connection closed by 202.133.90.219 port 33372 [preauth]
May 31 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20763]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20761]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20751]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20751]: pam_unix(cron:session): session closed for user root
May 31 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20753]: pam_unix(cron:session): session closed for user p13x
May 31 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20837]: Successful su for rubyman by root
May 31 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20837]: + ??? root:rubyman
May 31 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20837]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430025 of user rubyman.
May 31 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20837]: pam_unix(su:session): session closed for user rubyman
May 31 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430025.
May 31 15:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17604]: pam_unix(cron:session): session closed for user root
May 31 15:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20760]: pam_unix(cron:session): session closed for user samftp
May 31 15:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19724]: pam_unix(cron:session): session closed for user root
May 31 15:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 15:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: Failed password for root from 125.20.210.182 port 60690 ssh2
May 31 15:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: Connection closed by 125.20.210.182 port 60690 [preauth]
May 31 15:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: Received disconnect from 142.44.247.134 port 60104:11: disconnected by user [preauth]
May 31 15:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: Disconnected from 142.44.247.134 port 60104 [preauth]
May 31 15:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21149]: Invalid user maria from 202.133.90.219
May 31 15:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21149]: input_userauth_request: invalid user maria [preauth]
May 31 15:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21149]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21149]: Failed password for invalid user maria from 202.133.90.219 port 39532 ssh2
May 31 15:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21149]: Connection closed by 202.133.90.219 port 39532 [preauth]
May 31 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21184]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21185]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21182]: pam_unix(cron:session): session closed for user p13x
May 31 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21241]: Successful su for rubyman by root
May 31 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21241]: + ??? root:rubyman
May 31 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430029 of user rubyman.
May 31 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21241]: pam_unix(su:session): session closed for user rubyman
May 31 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430029.
May 31 15:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18115]: pam_unix(cron:session): session closed for user root
May 31 15:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21183]: pam_unix(cron:session): session closed for user samftp
May 31 15:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
May 31 15:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: Failed password for root from 51.250.105.222 port 58884 ssh2
May 31 15:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: Connection closed by 51.250.105.222 port 58884 [preauth]
May 31 15:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.233.83.104  user=root
May 31 15:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21466]: Failed password for root from 223.233.83.104 port 15589 ssh2
May 31 15:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21466]: Received disconnect from 223.233.83.104 port 15589:11: Bye Bye [preauth]
May 31 15:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21466]: Disconnected from 223.233.83.104 port 15589 [preauth]
May 31 15:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20254]: pam_unix(cron:session): session closed for user root
May 31 15:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21545]: Invalid user debian from 180.178.94.209
May 31 15:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21545]: input_userauth_request: invalid user debian [preauth]
May 31 15:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21545]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.178.94.209
May 31 15:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21545]: Failed password for invalid user debian from 180.178.94.209 port 37196 ssh2
May 31 15:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21545]: Received disconnect from 180.178.94.209 port 37196:11: Bye Bye [preauth]
May 31 15:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21545]: Disconnected from 180.178.94.209 port 37196 [preauth]
May 31 15:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: Invalid user kishimoto from 202.133.90.219
May 31 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: input_userauth_request: invalid user kishimoto [preauth]
May 31 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21612]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21613]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21610]: pam_unix(cron:session): session closed for user p13x
May 31 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21680]: Successful su for rubyman by root
May 31 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21680]: + ??? root:rubyman
May 31 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430032 of user rubyman.
May 31 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21680]: pam_unix(su:session): session closed for user rubyman
May 31 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430032.
May 31 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: Failed password for invalid user kishimoto from 202.133.90.219 port 32850 ssh2
May 31 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: Invalid user lighthouse from 80.94.92.186
May 31 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: input_userauth_request: invalid user lighthouse [preauth]
May 31 15:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 15:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: Connection closed by 202.133.90.219 port 32850 [preauth]
May 31 15:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18606]: pam_unix(cron:session): session closed for user root
May 31 15:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: Failed password for invalid user lighthouse from 80.94.92.186 port 55246 ssh2
May 31 15:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: Connection closed by 80.94.92.186 port 55246 [preauth]
May 31 15:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21611]: pam_unix(cron:session): session closed for user samftp
May 31 15:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20763]: pam_unix(cron:session): session closed for user root
May 31 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22014]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22012]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22013]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22011]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22014]: pam_unix(cron:session): session closed for user root
May 31 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22009]: pam_unix(cron:session): session closed for user p13x
May 31 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22075]: Successful su for rubyman by root
May 31 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22075]: + ??? root:rubyman
May 31 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430038 of user rubyman.
May 31 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22075]: pam_unix(su:session): session closed for user rubyman
May 31 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430038.
May 31 15:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22011]: pam_unix(cron:session): session closed for user root
May 31 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19031]: pam_unix(cron:session): session closed for user root
May 31 15:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22010]: pam_unix(cron:session): session closed for user samftp
May 31 15:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22287]: Invalid user iptv from 202.133.90.219
May 31 15:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22287]: input_userauth_request: invalid user iptv [preauth]
May 31 15:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22287]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22287]: Failed password for invalid user iptv from 202.133.90.219 port 37164 ssh2
May 31 15:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22287]: Connection closed by 202.133.90.219 port 37164 [preauth]
May 31 15:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21185]: pam_unix(cron:session): session closed for user root
May 31 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22436]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22437]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22434]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22433]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22433]: pam_unix(cron:session): session closed for user p13x
May 31 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22502]: Successful su for rubyman by root
May 31 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22502]: + ??? root:rubyman
May 31 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430042 of user rubyman.
May 31 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22502]: pam_unix(su:session): session closed for user rubyman
May 31 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430042.
May 31 15:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19723]: pam_unix(cron:session): session closed for user root
May 31 15:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22434]: pam_unix(cron:session): session closed for user samftp
May 31 15:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22687]: Invalid user info from 202.133.90.219
May 31 15:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22687]: input_userauth_request: invalid user info [preauth]
May 31 15:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22687]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22687]: Failed password for invalid user info from 202.133.90.219 port 52584 ssh2
May 31 15:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22687]: Connection closed by 202.133.90.219 port 52584 [preauth]
May 31 15:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21613]: pam_unix(cron:session): session closed for user root
May 31 15:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
May 31 15:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Failed password for root from 103.122.221.179 port 57544 ssh2
May 31 15:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Connection closed by 103.122.221.179 port 57544 [preauth]
May 31 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22841]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22839]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22835]: pam_unix(cron:session): session closed for user p13x
May 31 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22897]: Successful su for rubyman by root
May 31 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22897]: + ??? root:rubyman
May 31 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430046 of user rubyman.
May 31 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22897]: pam_unix(su:session): session closed for user rubyman
May 31 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430046.
May 31 15:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20253]: pam_unix(cron:session): session closed for user root
May 31 15:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22836]: pam_unix(cron:session): session closed for user samftp
May 31 15:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23099]: Invalid user huawei from 202.133.90.219
May 31 15:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23099]: input_userauth_request: invalid user huawei [preauth]
May 31 15:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23099]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23099]: Failed password for invalid user huawei from 202.133.90.219 port 40794 ssh2
May 31 15:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23099]: Connection closed by 202.133.90.219 port 40794 [preauth]
May 31 15:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22013]: pam_unix(cron:session): session closed for user root
May 31 15:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23164]: Invalid user solana from 80.94.92.186
May 31 15:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23164]: input_userauth_request: invalid user solana [preauth]
May 31 15:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23164]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 15:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23164]: Failed password for invalid user solana from 80.94.92.186 port 57922 ssh2
May 31 15:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23164]: Connection closed by 80.94.92.186 port 57922 [preauth]
May 31 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23219]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23217]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23215]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23215]: pam_unix(cron:session): session closed for user p13x
May 31 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23283]: Successful su for rubyman by root
May 31 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23283]: + ??? root:rubyman
May 31 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430052 of user rubyman.
May 31 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23283]: pam_unix(su:session): session closed for user rubyman
May 31 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430052.
May 31 15:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20761]: pam_unix(cron:session): session closed for user root
May 31 15:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23216]: pam_unix(cron:session): session closed for user samftp
May 31 15:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22437]: pam_unix(cron:session): session closed for user root
May 31 15:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23554]: Invalid user hadoop from 202.133.90.219
May 31 15:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23554]: input_userauth_request: invalid user hadoop [preauth]
May 31 15:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23554]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23554]: Failed password for invalid user hadoop from 202.133.90.219 port 54302 ssh2
May 31 15:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23554]: Connection closed by 202.133.90.219 port 54302 [preauth]
May 31 15:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.228.128.84  user=root
May 31 15:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: Failed password for root from 193.228.128.84 port 57242 ssh2
May 31 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: Connection closed by 193.228.128.84 port 57242 [preauth]
May 31 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23632]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23633]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23630]: pam_unix(cron:session): session closed for user p13x
May 31 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23700]: Successful su for rubyman by root
May 31 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23700]: + ??? root:rubyman
May 31 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430056 of user rubyman.
May 31 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23700]: pam_unix(su:session): session closed for user rubyman
May 31 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430056.
May 31 15:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21184]: pam_unix(cron:session): session closed for user root
May 31 15:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23631]: pam_unix(cron:session): session closed for user samftp
May 31 15:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22841]: pam_unix(cron:session): session closed for user root
May 31 15:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 15:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
May 31 15:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24088]: Failed password for root from 125.20.210.182 port 39328 ssh2
May 31 15:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24088]: Connection closed by 125.20.210.182 port 39328 [preauth]
May 31 15:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Invalid user hadoop from 202.133.90.219
May 31 15:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: input_userauth_request: invalid user hadoop [preauth]
May 31 15:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: Failed password for root from 89.223.69.22 port 54044 ssh2
May 31 15:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: Connection closed by 89.223.69.22 port 54044 [preauth]
May 31 15:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Failed password for invalid user hadoop from 202.133.90.219 port 56036 ssh2
May 31 15:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Connection closed by 202.133.90.219 port 56036 [preauth]
May 31 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24147]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24148]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24146]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session closed for user root
May 31 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24144]: pam_unix(cron:session): session closed for user p13x
May 31 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24220]: Successful su for rubyman by root
May 31 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24220]: + ??? root:rubyman
May 31 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430060 of user rubyman.
May 31 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24220]: pam_unix(su:session): session closed for user rubyman
May 31 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430060.
May 31 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24146]: pam_unix(cron:session): session closed for user root
May 31 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21612]: pam_unix(cron:session): session closed for user root
May 31 15:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24145]: pam_unix(cron:session): session closed for user samftp
May 31 15:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23219]: pam_unix(cron:session): session closed for user root
May 31 15:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24549]: Invalid user test from 80.94.95.116
May 31 15:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24549]: input_userauth_request: invalid user test [preauth]
May 31 15:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24549]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May 31 15:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24549]: Failed password for invalid user test from 80.94.95.116 port 25828 ssh2
May 31 15:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24549]: Connection closed by 80.94.95.116 port 25828 [preauth]
May 31 15:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: Invalid user hadoop from 202.133.90.219
May 31 15:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: input_userauth_request: invalid user hadoop [preauth]
May 31 15:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: Failed password for invalid user hadoop from 202.133.90.219 port 56848 ssh2
May 31 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24607]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24608]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24605]: pam_unix(cron:session): session closed for user p13x
May 31 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24692]: Successful su for rubyman by root
May 31 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24692]: + ??? root:rubyman
May 31 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430065 of user rubyman.
May 31 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24692]: pam_unix(su:session): session closed for user rubyman
May 31 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430065.
May 31 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: Connection closed by 202.133.90.219 port 56848 [preauth]
May 31 15:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22012]: pam_unix(cron:session): session closed for user root
May 31 15:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24606]: pam_unix(cron:session): session closed for user samftp
May 31 15:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24883]: Invalid user sol from 80.94.92.186
May 31 15:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24883]: input_userauth_request: invalid user sol [preauth]
May 31 15:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24883]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 15:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24883]: Failed password for invalid user sol from 80.94.92.186 port 60606 ssh2
May 31 15:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24883]: Connection closed by 80.94.92.186 port 60606 [preauth]
May 31 15:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.178.94.209  user=root
May 31 15:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: Failed password for root from 180.178.94.209 port 56864 ssh2
May 31 15:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: Received disconnect from 180.178.94.209 port 56864:11: Bye Bye [preauth]
May 31 15:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: Disconnected from 180.178.94.209 port 56864 [preauth]
May 31 15:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23633]: pam_unix(cron:session): session closed for user root
May 31 15:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.203.42.204  user=root
May 31 15:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24957]: Invalid user report from 223.233.83.104
May 31 15:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24957]: input_userauth_request: invalid user report [preauth]
May 31 15:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24957]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.233.83.104
May 31 15:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: Failed password for root from 20.203.42.204 port 41278 ssh2
May 31 15:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24957]: Failed password for invalid user report from 223.233.83.104 port 27093 ssh2
May 31 15:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: Received disconnect from 20.203.42.204 port 41278:11: Bye Bye [preauth]
May 31 15:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: Disconnected from 20.203.42.204 port 41278 [preauth]
May 31 15:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24957]: Received disconnect from 223.233.83.104 port 27093:11: Bye Bye [preauth]
May 31 15:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24957]: Disconnected from 223.233.83.104 port 27093 [preauth]
May 31 15:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.22.41  user=root
May 31 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25042]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25041]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25038]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25038]: pam_unix(cron:session): session closed for user p13x
May 31 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25106]: Successful su for rubyman by root
May 31 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25106]: + ??? root:rubyman
May 31 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25106]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430069 of user rubyman.
May 31 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25106]: pam_unix(su:session): session closed for user rubyman
May 31 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430069.
May 31 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25027]: Failed password for root from 185.236.22.41 port 41940 ssh2
May 31 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25027]: Connection closed by 185.236.22.41 port 41940 [preauth]
May 31 15:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22436]: pam_unix(cron:session): session closed for user root
May 31 15:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
May 31 15:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25040]: pam_unix(cron:session): session closed for user samftp
May 31 15:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25269]: Failed password for root from 87.251.79.125 port 39638 ssh2
May 31 15:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25269]: Connection closed by 87.251.79.125 port 39638 [preauth]
May 31 15:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25276]: Invalid user grid from 202.133.90.219
May 31 15:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25276]: input_userauth_request: invalid user grid [preauth]
May 31 15:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25276]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
May 31 15:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25276]: Failed password for invalid user grid from 202.133.90.219 port 58656 ssh2
May 31 15:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25291]: Failed password for root from 194.113.233.25 port 49096 ssh2
May 31 15:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25276]: Connection closed by 202.133.90.219 port 58656 [preauth]
May 31 15:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25291]: Connection closed by 194.113.233.25 port 49096 [preauth]
May 31 15:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24148]: pam_unix(cron:session): session closed for user root
May 31 15:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 15:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25388]: Failed password for root from 38.93.206.2 port 16686 ssh2
May 31 15:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25388]: Connection closed by 38.93.206.2 port 16686 [preauth]
May 31 15:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25410]: Connection reset by 69.5.169.15 port 10068 [preauth]
May 31 15:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
May 31 15:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25429]: Failed password for root from 103.15.222.183 port 36532 ssh2
May 31 15:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25429]: Connection closed by 103.15.222.183 port 36532 [preauth]
May 31 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25444]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25443]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25440]: pam_unix(cron:session): session closed for user p13x
May 31 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25506]: Successful su for rubyman by root
May 31 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25506]: + ??? root:rubyman
May 31 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430072 of user rubyman.
May 31 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25506]: pam_unix(su:session): session closed for user rubyman
May 31 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430072.
May 31 15:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22839]: pam_unix(cron:session): session closed for user root
May 31 15:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25441]: pam_unix(cron:session): session closed for user samftp
May 31 15:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.178.94.209  user=root
May 31 15:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Failed password for root from 180.178.94.209 port 56904 ssh2
May 31 15:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Received disconnect from 180.178.94.209 port 56904:11: Bye Bye [preauth]
May 31 15:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Disconnected from 180.178.94.209 port 56904 [preauth]
May 31 15:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.233.83.104  user=root
May 31 15:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25716]: Invalid user git from 202.133.90.219
May 31 15:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25716]: input_userauth_request: invalid user git [preauth]
May 31 15:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25716]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25718]: Failed password for root from 223.233.83.104 port 7991 ssh2
May 31 15:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25718]: Received disconnect from 223.233.83.104 port 7991:11: Bye Bye [preauth]
May 31 15:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25718]: Disconnected from 223.233.83.104 port 7991 [preauth]
May 31 15:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25716]: Failed password for invalid user git from 202.133.90.219 port 44476 ssh2
May 31 15:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25716]: Connection closed by 202.133.90.219 port 44476 [preauth]
May 31 15:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24608]: pam_unix(cron:session): session closed for user root
May 31 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25847]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25848]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25845]: pam_unix(cron:session): session closed for user p13x
May 31 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25906]: Successful su for rubyman by root
May 31 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25906]: + ??? root:rubyman
May 31 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430078 of user rubyman.
May 31 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25906]: pam_unix(su:session): session closed for user rubyman
May 31 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430078.
May 31 15:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23217]: pam_unix(cron:session): session closed for user root
May 31 15:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25846]: pam_unix(cron:session): session closed for user samftp
May 31 15:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25042]: pam_unix(cron:session): session closed for user root
May 31 15:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: Invalid user gitlab from 202.133.90.219
May 31 15:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: input_userauth_request: invalid user gitlab [preauth]
May 31 15:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: Failed password for invalid user gitlab from 202.133.90.219 port 33040 ssh2
May 31 15:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: Connection closed by 202.133.90.219 port 33040 [preauth]
May 31 15:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.203.42.204  user=root
May 31 15:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26185]: Failed password for root from 20.203.42.204 port 43618 ssh2
May 31 15:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26185]: Received disconnect from 20.203.42.204 port 43618:11: Bye Bye [preauth]
May 31 15:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26185]: Disconnected from 20.203.42.204 port 43618 [preauth]
May 31 15:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: Invalid user sol from 80.94.92.186
May 31 15:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: input_userauth_request: invalid user sol [preauth]
May 31 15:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 15:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: Failed password for invalid user sol from 80.94.92.186 port 35072 ssh2
May 31 15:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: Connection closed by 80.94.92.186 port 35072 [preauth]
May 31 15:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.178.94.209  user=root
May 31 15:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26219]: Failed password for root from 180.178.94.209 port 53266 ssh2
May 31 15:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26219]: Received disconnect from 180.178.94.209 port 53266:11: Bye Bye [preauth]
May 31 15:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26219]: Disconnected from 180.178.94.209 port 53266 [preauth]
May 31 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26245]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26244]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26242]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26246]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26243]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26246]: pam_unix(cron:session): session closed for user root
May 31 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26241]: pam_unix(cron:session): session closed for user p13x
May 31 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26312]: Successful su for rubyman by root
May 31 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26312]: + ??? root:rubyman
May 31 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26312]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430080 of user rubyman.
May 31 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26312]: pam_unix(su:session): session closed for user rubyman
May 31 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430080.
May 31 15:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26243]: pam_unix(cron:session): session closed for user root
May 31 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23632]: pam_unix(cron:session): session closed for user root
May 31 15:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26242]: pam_unix(cron:session): session closed for user samftp
May 31 15:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.233.83.104  user=root
May 31 15:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: Failed password for root from 223.233.83.104 port 12672 ssh2
May 31 15:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: Received disconnect from 223.233.83.104 port 12672:11: Bye Bye [preauth]
May 31 15:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: Disconnected from 223.233.83.104 port 12672 [preauth]
May 31 15:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.108.118.91  user=root
May 31 15:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26575]: Failed password for root from 89.108.118.91 port 33134 ssh2
May 31 15:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26575]: Connection closed by 89.108.118.91 port 33134 [preauth]
May 31 15:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25444]: pam_unix(cron:session): session closed for user root
May 31 15:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26627]: Invalid user ftpuser from 202.133.90.219
May 31 15:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26627]: input_userauth_request: invalid user ftpuser [preauth]
May 31 15:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26627]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26627]: Failed password for invalid user ftpuser from 202.133.90.219 port 57320 ssh2
May 31 15:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26627]: Connection closed by 202.133.90.219 port 57320 [preauth]
May 31 15:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26663]: Connection closed by 194.59.206.2 port 50988 [preauth]
May 31 15:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: Invalid user test from 45.148.10.121
May 31 15:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: input_userauth_request: invalid user test [preauth]
May 31 15:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
May 31 15:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: Failed password for invalid user test from 45.148.10.121 port 41852 ssh2
May 31 15:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: Connection closed by 45.148.10.121 port 41852 [preauth]
May 31 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26689]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26764]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26683]: pam_unix(cron:session): session closed for user p13x
May 31 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26825]: Successful su for rubyman by root
May 31 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26825]: + ??? root:rubyman
May 31 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430087 of user rubyman.
May 31 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26825]: pam_unix(su:session): session closed for user rubyman
May 31 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430087.
May 31 15:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24147]: pam_unix(cron:session): session closed for user root
May 31 15:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26684]: pam_unix(cron:session): session closed for user samftp
May 31 15:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25848]: pam_unix(cron:session): session closed for user root
May 31 15:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 15:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27075]: Failed password for root from 125.20.210.182 port 46710 ssh2
May 31 15:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27075]: Connection closed by 125.20.210.182 port 46710 [preauth]
May 31 15:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.178.94.209  user=root
May 31 15:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27107]: Failed password for root from 180.178.94.209 port 55126 ssh2
May 31 15:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27107]: Received disconnect from 180.178.94.209 port 55126:11: Bye Bye [preauth]
May 31 15:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27107]: Disconnected from 180.178.94.209 port 55126 [preauth]
May 31 15:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
May 31 15:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27140]: Failed password for root from 103.77.175.15 port 33028 ssh2
May 31 15:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27140]: Connection closed by 103.77.175.15 port 33028 [preauth]
May 31 15:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27150]: Invalid user frappe from 202.133.90.219
May 31 15:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27150]: input_userauth_request: invalid user frappe [preauth]
May 31 15:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27150]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27150]: Failed password for invalid user frappe from 202.133.90.219 port 41796 ssh2
May 31 15:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
May 31 15:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27150]: Connection closed by 202.133.90.219 port 41796 [preauth]
May 31 15:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27152]: Failed password for root from 37.233.85.71 port 37816 ssh2
May 31 15:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27152]: Connection closed by 37.233.85.71 port 37816 [preauth]
May 31 15:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Invalid user ubuntu from 223.233.83.104
May 31 15:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: input_userauth_request: invalid user ubuntu [preauth]
May 31 15:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.233.83.104
May 31 15:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
May 31 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27184]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27183]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27181]: pam_unix(cron:session): session closed for user p13x
May 31 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27245]: Successful su for rubyman by root
May 31 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27245]: + ??? root:rubyman
May 31 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430090 of user rubyman.
May 31 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27245]: pam_unix(su:session): session closed for user rubyman
May 31 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430090.
May 31 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Failed password for invalid user ubuntu from 223.233.83.104 port 19063 ssh2
May 31 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Received disconnect from 223.233.83.104 port 19063:11: Bye Bye [preauth]
May 31 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Disconnected from 223.233.83.104 port 19063 [preauth]
May 31 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27165]: Failed password for root from 80.66.85.226 port 34884 ssh2
May 31 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27165]: Connection closed by 80.66.85.226 port 34884 [preauth]
May 31 15:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24607]: pam_unix(cron:session): session closed for user root
May 31 15:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27182]: pam_unix(cron:session): session closed for user samftp
May 31 15:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26245]: pam_unix(cron:session): session closed for user root
May 31 15:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27601]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27602]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27599]: pam_unix(cron:session): session closed for user p13x
May 31 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27659]: Successful su for rubyman by root
May 31 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27659]: + ??? root:rubyman
May 31 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27659]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430095 of user rubyman.
May 31 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27659]: pam_unix(su:session): session closed for user rubyman
May 31 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430095.
May 31 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27597]: Invalid user feng from 202.133.90.219
May 31 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27597]: input_userauth_request: invalid user feng [preauth]
May 31 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27597]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25041]: pam_unix(cron:session): session closed for user root
May 31 15:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27600]: pam_unix(cron:session): session closed for user samftp
May 31 15:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27597]: Failed password for invalid user feng from 202.133.90.219 port 58202 ssh2
May 31 15:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27597]: Connection closed by 202.133.90.219 port 58202 [preauth]
May 31 15:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.178.94.209  user=root
May 31 15:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27891]: Failed password for root from 180.178.94.209 port 37706 ssh2
May 31 15:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27891]: Received disconnect from 180.178.94.209 port 37706:11: Bye Bye [preauth]
May 31 15:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27891]: Disconnected from 180.178.94.209 port 37706 [preauth]
May 31 15:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Invalid user ubuntu from 80.94.92.186
May 31 15:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: input_userauth_request: invalid user ubuntu [preauth]
May 31 15:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 15:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Failed password for invalid user ubuntu from 80.94.92.186 port 37754 ssh2
May 31 15:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Connection closed by 80.94.92.186 port 37754 [preauth]
May 31 15:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26764]: pam_unix(cron:session): session closed for user root
May 31 15:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.233.83.104  user=root
May 31 15:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: Failed password for root from 223.233.83.104 port 10459 ssh2
May 31 15:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: Received disconnect from 223.233.83.104 port 10459:11: Bye Bye [preauth]
May 31 15:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: Disconnected from 223.233.83.104 port 10459 [preauth]
May 31 15:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.203.42.204  user=root
May 31 15:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27970]: Failed password for root from 20.203.42.204 port 47374 ssh2
May 31 15:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27970]: Received disconnect from 20.203.42.204 port 47374:11: Bye Bye [preauth]
May 31 15:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27970]: Disconnected from 20.203.42.204 port 47374 [preauth]
May 31 15:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: Connection closed by 185.242.226.17 port 37044 [preauth]
May 31 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28031]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28032]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28029]: pam_unix(cron:session): session closed for user p13x
May 31 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28140]: Successful su for rubyman by root
May 31 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28140]: + ??? root:rubyman
May 31 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430099 of user rubyman.
May 31 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28140]: pam_unix(su:session): session closed for user rubyman
May 31 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430099.
May 31 15:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25443]: pam_unix(cron:session): session closed for user root
May 31 15:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28030]: pam_unix(cron:session): session closed for user samftp
May 31 15:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.172.54.111  user=root
May 31 15:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: Failed password for root from 109.172.54.111 port 48116 ssh2
May 31 15:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: Connection closed by 109.172.54.111 port 48116 [preauth]
May 31 15:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28331]: Invalid user elasticsearch from 202.133.90.219
May 31 15:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28331]: input_userauth_request: invalid user elasticsearch [preauth]
May 31 15:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28331]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28331]: Failed password for invalid user elasticsearch from 202.133.90.219 port 46392 ssh2
May 31 15:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28331]: Connection closed by 202.133.90.219 port 46392 [preauth]
May 31 15:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27184]: pam_unix(cron:session): session closed for user root
May 31 15:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28475]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28474]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28472]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28473]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28470]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28471]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28475]: pam_unix(cron:session): session closed for user root
May 31 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28470]: pam_unix(cron:session): session closed for user p13x
May 31 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: Invalid user ubuntu from 180.178.94.209
May 31 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: input_userauth_request: invalid user ubuntu [preauth]
May 31 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.178.94.209
May 31 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28548]: Successful su for rubyman by root
May 31 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28548]: + ??? root:rubyman
May 31 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430103 of user rubyman.
May 31 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28548]: pam_unix(su:session): session closed for user rubyman
May 31 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430103.
May 31 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28468]: Invalid user admin from 185.156.73.233
May 31 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28468]: input_userauth_request: invalid user admin [preauth]
May 31 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28468]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 15:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: Failed password for invalid user ubuntu from 180.178.94.209 port 54858 ssh2
May 31 15:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: Received disconnect from 180.178.94.209 port 54858:11: Bye Bye [preauth]
May 31 15:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: Disconnected from 180.178.94.209 port 54858 [preauth]
May 31 15:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28472]: pam_unix(cron:session): session closed for user root
May 31 15:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28468]: Failed password for invalid user admin from 185.156.73.233 port 27090 ssh2
May 31 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28468]: Connection closed by 185.156.73.233 port 27090 [preauth]
May 31 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25847]: pam_unix(cron:session): session closed for user root
May 31 15:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28471]: pam_unix(cron:session): session closed for user samftp
May 31 15:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.233.83.104  user=root
May 31 15:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: Failed password for root from 223.233.83.104 port 32369 ssh2
May 31 15:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: Received disconnect from 223.233.83.104 port 32369:11: Bye Bye [preauth]
May 31 15:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: Disconnected from 223.233.83.104 port 32369 [preauth]
May 31 15:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28901]: Invalid user elastic from 202.133.90.219
May 31 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28901]: input_userauth_request: invalid user elastic [preauth]
May 31 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28901]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28901]: Failed password for invalid user elastic from 202.133.90.219 port 60004 ssh2
May 31 15:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28901]: Connection closed by 202.133.90.219 port 60004 [preauth]
May 31 15:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27602]: pam_unix(cron:session): session closed for user root
May 31 15:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
May 31 15:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28957]: Failed password for root from 103.172.78.219 port 34758 ssh2
May 31 15:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28957]: Connection closed by 103.172.78.219 port 34758 [preauth]
May 31 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29010]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29009]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29007]: pam_unix(cron:session): session closed for user p13x
May 31 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29074]: Successful su for rubyman by root
May 31 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29074]: + ??? root:rubyman
May 31 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430109 of user rubyman.
May 31 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29074]: pam_unix(su:session): session closed for user rubyman
May 31 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430109.
May 31 15:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26244]: pam_unix(cron:session): session closed for user root
May 31 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29008]: pam_unix(cron:session): session closed for user samftp
May 31 15:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28032]: pam_unix(cron:session): session closed for user root
May 31 15:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Invalid user dsnmaster from 202.133.90.219
May 31 15:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: input_userauth_request: invalid user dsnmaster [preauth]
May 31 15:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Failed password for invalid user dsnmaster from 202.133.90.219 port 56304 ssh2
May 31 15:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Connection closed by 202.133.90.219 port 56304 [preauth]
May 31 15:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Invalid user report from 180.178.94.209
May 31 15:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: input_userauth_request: invalid user report [preauth]
May 31 15:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.178.94.209
May 31 15:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Failed password for invalid user report from 180.178.94.209 port 41284 ssh2
May 31 15:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Received disconnect from 180.178.94.209 port 41284:11: Bye Bye [preauth]
May 31 15:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Disconnected from 180.178.94.209 port 41284 [preauth]
May 31 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29428]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29427]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29425]: pam_unix(cron:session): session closed for user p13x
May 31 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29491]: Successful su for rubyman by root
May 31 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29491]: + ??? root:rubyman
May 31 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430112 of user rubyman.
May 31 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29491]: pam_unix(su:session): session closed for user rubyman
May 31 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430112.
May 31 15:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26689]: pam_unix(cron:session): session closed for user root
May 31 15:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29426]: pam_unix(cron:session): session closed for user samftp
May 31 15:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.233.83.104  user=root
May 31 15:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29796]: Failed password for root from 223.233.83.104 port 6894 ssh2
May 31 15:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29796]: Received disconnect from 223.233.83.104 port 6894:11: Bye Bye [preauth]
May 31 15:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29796]: Disconnected from 223.233.83.104 port 6894 [preauth]
May 31 15:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: Invalid user solana from 80.94.92.186
May 31 15:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: input_userauth_request: invalid user solana [preauth]
May 31 15:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 15:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: Failed password for invalid user solana from 80.94.92.186 port 40434 ssh2
May 31 15:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: Connection closed by 80.94.92.186 port 40434 [preauth]
May 31 15:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28474]: pam_unix(cron:session): session closed for user root
May 31 15:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29932]: Invalid user dockeradmin from 202.133.90.219
May 31 15:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29932]: input_userauth_request: invalid user dockeradmin [preauth]
May 31 15:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29932]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29932]: Failed password for invalid user dockeradmin from 202.133.90.219 port 57356 ssh2
May 31 15:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29932]: Connection closed by 202.133.90.219 port 57356 [preauth]
May 31 15:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29966]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29965]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29963]: pam_unix(cron:session): session closed for user p13x
May 31 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
May 31 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30022]: Successful su for rubyman by root
May 31 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30022]: + ??? root:rubyman
May 31 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430117 of user rubyman.
May 31 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30022]: pam_unix(su:session): session closed for user rubyman
May 31 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430117.
May 31 15:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: Failed password for root from 62.133.62.83 port 60644 ssh2
May 31 15:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27183]: pam_unix(cron:session): session closed for user root
May 31 15:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: Connection closed by 62.133.62.83 port 60644 [preauth]
May 31 15:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29964]: pam_unix(cron:session): session closed for user samftp
May 31 15:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30234]: Connection reset by 205.210.31.205 port 64844 [preauth]
May 31 15:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.178.94.209  user=root
May 31 15:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: Failed password for root from 180.178.94.209 port 34716 ssh2
May 31 15:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: Received disconnect from 180.178.94.209 port 34716:11: Bye Bye [preauth]
May 31 15:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: Disconnected from 180.178.94.209 port 34716 [preauth]
May 31 15:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29010]: pam_unix(cron:session): session closed for user root
May 31 15:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 15:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: Failed password for root from 125.20.210.182 port 52444 ssh2
May 31 15:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: Connection closed by 125.20.210.182 port 52444 [preauth]
May 31 15:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: Invalid user debian from 223.233.83.104
May 31 15:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: input_userauth_request: invalid user debian [preauth]
May 31 15:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.233.83.104
May 31 15:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: Failed password for invalid user debian from 223.233.83.104 port 25951 ssh2
May 31 15:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: Received disconnect from 223.233.83.104 port 25951:11: Bye Bye [preauth]
May 31 15:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: Disconnected from 223.233.83.104 port 25951 [preauth]
May 31 15:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: Invalid user developer from 202.133.90.219
May 31 15:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: input_userauth_request: invalid user developer [preauth]
May 31 15:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30394]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30395]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30390]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30392]: pam_unix(cron:session): session closed for user p13x
May 31 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: Failed password for invalid user developer from 202.133.90.219 port 44444 ssh2
May 31 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30504]: Successful su for rubyman by root
May 31 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30504]: + ??? root:rubyman
May 31 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430120 of user rubyman.
May 31 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30504]: pam_unix(su:session): session closed for user rubyman
May 31 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430120.
May 31 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30390]: pam_unix(cron:session): session closed for user root
May 31 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: Connection closed by 202.133.90.219 port 44444 [preauth]
May 31 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27601]: pam_unix(cron:session): session closed for user root
May 31 15:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30393]: pam_unix(cron:session): session closed for user samftp
May 31 15:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29428]: pam_unix(cron:session): session closed for user root
May 31 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30908]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30909]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30902]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30907]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30909]: pam_unix(cron:session): session closed for user root
May 31 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30898]: pam_unix(cron:session): session closed for user p13x
May 31 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31060]: Successful su for rubyman by root
May 31 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31060]: + ??? root:rubyman
May 31 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430125 of user rubyman.
May 31 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31060]: pam_unix(su:session): session closed for user rubyman
May 31 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430125.
May 31 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28031]: pam_unix(cron:session): session closed for user root
May 31 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30902]: pam_unix(cron:session): session closed for user root
May 31 15:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30900]: pam_unix(cron:session): session closed for user samftp
May 31 15:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.178.94.209  user=root
May 31 15:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31267]: Failed password for root from 180.178.94.209 port 56218 ssh2
May 31 15:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31267]: Received disconnect from 180.178.94.209 port 56218:11: Bye Bye [preauth]
May 31 15:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31267]: Disconnected from 180.178.94.209 port 56218 [preauth]
May 31 15:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: Invalid user deployer from 202.133.90.219
May 31 15:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: input_userauth_request: invalid user deployer [preauth]
May 31 15:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: Failed password for invalid user deployer from 202.133.90.219 port 36152 ssh2
May 31 15:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.203.42.204  user=root
May 31 15:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: Connection closed by 202.133.90.219 port 36152 [preauth]
May 31 15:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31279]: Failed password for root from 20.203.42.204 port 47768 ssh2
May 31 15:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31279]: Received disconnect from 20.203.42.204 port 47768:11: Bye Bye [preauth]
May 31 15:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31279]: Disconnected from 20.203.42.204 port 47768 [preauth]
May 31 15:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.173.227.57  user=root
May 31 15:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: Failed password for root from 103.173.227.57 port 54202 ssh2
May 31 15:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: Connection closed by 103.173.227.57 port 54202 [preauth]
May 31 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29966]: pam_unix(cron:session): session closed for user root
May 31 15:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.233.83.104  user=root
May 31 15:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: Failed password for root from 223.233.83.104 port 16300 ssh2
May 31 15:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: Received disconnect from 223.233.83.104 port 16300:11: Bye Bye [preauth]
May 31 15:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: Disconnected from 223.233.83.104 port 16300 [preauth]
May 31 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31431]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31432]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31429]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31429]: pam_unix(cron:session): session closed for user p13x
May 31 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31499]: Successful su for rubyman by root
May 31 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31499]: + ??? root:rubyman
May 31 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430131 of user rubyman.
May 31 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31499]: pam_unix(su:session): session closed for user rubyman
May 31 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430131.
May 31 15:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28473]: pam_unix(cron:session): session closed for user root
May 31 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31430]: pam_unix(cron:session): session closed for user samftp
May 31 15:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: Invalid user deploy from 202.133.90.219
May 31 15:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: input_userauth_request: invalid user deploy [preauth]
May 31 15:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: Failed password for invalid user deploy from 202.133.90.219 port 32784 ssh2
May 31 15:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: Connection closed by 202.133.90.219 port 32784 [preauth]
May 31 15:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30395]: pam_unix(cron:session): session closed for user root
May 31 15:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: Invalid user node from 80.94.92.186
May 31 15:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: input_userauth_request: invalid user node [preauth]
May 31 15:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 15:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: Failed password for invalid user node from 80.94.92.186 port 43118 ssh2
May 31 15:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: Connection closed by 80.94.92.186 port 43118 [preauth]
May 31 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31947]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31948]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31946]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31945]: pam_unix(cron:session): session closed for user p13x
May 31 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32011]: Successful su for rubyman by root
May 31 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32011]: + ??? root:rubyman
May 31 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430135 of user rubyman.
May 31 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32011]: pam_unix(su:session): session closed for user rubyman
May 31 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430135.
May 31 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: Bad protocol version identification '\003' from 192.253.248.180 port 61990
May 31 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29009]: pam_unix(cron:session): session closed for user root
May 31 15:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31946]: pam_unix(cron:session): session closed for user samftp
May 31 15:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: Invalid user debian from 202.133.90.219
May 31 15:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: input_userauth_request: invalid user debian [preauth]
May 31 15:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: Failed password for invalid user debian from 202.133.90.219 port 49480 ssh2
May 31 15:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: Connection closed by 202.133.90.219 port 49480 [preauth]
May 31 15:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.170.125  user=root
May 31 15:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: Failed password for root from 103.149.170.125 port 54612 ssh2
May 31 15:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: Connection closed by 103.149.170.125 port 54612 [preauth]
May 31 15:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30908]: pam_unix(cron:session): session closed for user root
May 31 15:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.203.42.204  user=root
May 31 15:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32329]: Failed password for root from 20.203.42.204 port 58264 ssh2
May 31 15:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32329]: Received disconnect from 20.203.42.204 port 58264:11: Bye Bye [preauth]
May 31 15:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32329]: Disconnected from 20.203.42.204 port 58264 [preauth]
May 31 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32354]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32353]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32350]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32349]: pam_unix(cron:session): session closed for user p13x
May 31 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32418]: Successful su for rubyman by root
May 31 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32418]: + ??? root:rubyman
May 31 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430139 of user rubyman.
May 31 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32418]: pam_unix(su:session): session closed for user rubyman
May 31 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430139.
May 31 15:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29427]: pam_unix(cron:session): session closed for user root
May 31 15:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32350]: pam_unix(cron:session): session closed for user samftp
May 31 15:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31432]: pam_unix(cron:session): session closed for user root
May 31 15:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: Invalid user debian from 202.133.90.219
May 31 15:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: input_userauth_request: invalid user debian [preauth]
May 31 15:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: Failed password for invalid user debian from 202.133.90.219 port 43022 ssh2
May 31 15:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: Connection closed by 202.133.90.219 port 43022 [preauth]
May 31 15:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
May 31 15:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Failed password for root from 103.77.242.62 port 54846 ssh2
May 31 15:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Connection closed by 103.77.242.62 port 54846 [preauth]
May 31 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[311]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[312]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[309]: pam_unix(cron:session): session closed for user p13x
May 31 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[376]: Successful su for rubyman by root
May 31 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[376]: + ??? root:rubyman
May 31 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430144 of user rubyman.
May 31 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[376]: pam_unix(su:session): session closed for user rubyman
May 31 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430144.
May 31 15:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29965]: pam_unix(cron:session): session closed for user root
May 31 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[310]: pam_unix(cron:session): session closed for user samftp
May 31 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31948]: pam_unix(cron:session): session closed for user root
May 31 15:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: Invalid user debian from 202.133.90.219
May 31 15:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: input_userauth_request: invalid user debian [preauth]
May 31 15:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: Failed password for invalid user debian from 202.133.90.219 port 57794 ssh2
May 31 15:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: Connection closed by 202.133.90.219 port 57794 [preauth]
May 31 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[869]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[867]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[868]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[865]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[866]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[870]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[870]: pam_unix(cron:session): session closed for user root
May 31 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[865]: pam_unix(cron:session): session closed for user p13x
May 31 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[938]: Successful su for rubyman by root
May 31 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[938]: + ??? root:rubyman
May 31 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430147 of user rubyman.
May 31 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[938]: pam_unix(su:session): session closed for user rubyman
May 31 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430147.
May 31 15:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[867]: pam_unix(cron:session): session closed for user root
May 31 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30394]: pam_unix(cron:session): session closed for user root
May 31 15:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[866]: pam_unix(cron:session): session closed for user samftp
May 31 15:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: Invalid user test from 125.20.210.182
May 31 15:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: input_userauth_request: invalid user test [preauth]
May 31 15:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182
May 31 15:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: Failed password for invalid user test from 125.20.210.182 port 42494 ssh2
May 31 15:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: Connection closed by 125.20.210.182 port 42494 [preauth]
May 31 15:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32354]: pam_unix(cron:session): session closed for user root
May 31 15:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.203.42.204  user=root
May 31 15:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1328]: Failed password for root from 20.203.42.204 port 60730 ssh2
May 31 15:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1328]: Received disconnect from 20.203.42.204 port 60730:11: Bye Bye [preauth]
May 31 15:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1328]: Disconnected from 20.203.42.204 port 60730 [preauth]
May 31 15:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 15:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: Received disconnect from 185.134.49.60 port 39544:11: disconnected by user [preauth]
May 31 15:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: Disconnected from 185.134.49.60 port 39544 [preauth]
May 31 15:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: Invalid user sol from 80.94.92.186
May 31 15:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: input_userauth_request: invalid user sol [preauth]
May 31 15:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 15:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1354]: Invalid user debian from 202.133.90.219
May 31 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1354]: input_userauth_request: invalid user debian [preauth]
May 31 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1354]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: User nobody from 185.156.73.233 not allowed because not listed in AllowUsers
May 31 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: input_userauth_request: invalid user nobody [preauth]
May 31 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: Failed password for invalid user sol from 80.94.92.186 port 45776 ssh2
May 31 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=nobody
May 31 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: Connection closed by 80.94.92.186 port 45776 [preauth]
May 31 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1376]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1377]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1374]: pam_unix(cron:session): session closed for user p13x
May 31 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1478]: Successful su for rubyman by root
May 31 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1478]: + ??? root:rubyman
May 31 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430153 of user rubyman.
May 31 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1478]: pam_unix(su:session): session closed for user rubyman
May 31 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430153.
May 31 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1354]: Failed password for invalid user debian from 202.133.90.219 port 47730 ssh2
May 31 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: Failed password for invalid user nobody from 185.156.73.233 port 16096 ssh2
May 31 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: Connection closed by 185.156.73.233 port 16096 [preauth]
May 31 15:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1354]: Connection closed by 202.133.90.219 port 47730 [preauth]
May 31 15:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30907]: pam_unix(cron:session): session closed for user root
May 31 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1375]: pam_unix(cron:session): session closed for user samftp
May 31 15:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[312]: pam_unix(cron:session): session closed for user root
May 31 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1924]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1923]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1921]: pam_unix(cron:session): session closed for user p13x
May 31 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2009]: Successful su for rubyman by root
May 31 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2009]: + ??? root:rubyman
May 31 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430158 of user rubyman.
May 31 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2009]: pam_unix(su:session): session closed for user rubyman
May 31 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430158.
May 31 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31431]: pam_unix(cron:session): session closed for user root
May 31 15:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1922]: pam_unix(cron:session): session closed for user samftp
May 31 15:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2234]: Invalid user D from 202.133.90.219
May 31 15:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2234]: input_userauth_request: invalid user D [preauth]
May 31 15:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2234]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2234]: Failed password for invalid user D from 202.133.90.219 port 39290 ssh2
May 31 15:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2234]: Connection closed by 202.133.90.219 port 39290 [preauth]
May 31 15:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: Invalid user sami from 213.209.159.56
May 31 15:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: input_userauth_request: invalid user sami [preauth]
May 31 15:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 15:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: Failed password for invalid user sami from 213.209.159.56 port 61680 ssh2
May 31 15:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: Failed password for invalid user sami from 213.209.159.56 port 61680 ssh2
May 31 15:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: Failed password for invalid user sami from 213.209.159.56 port 61680 ssh2
May 31 15:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: Failed password for invalid user sami from 213.209.159.56 port 61680 ssh2
May 31 15:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: Failed password for invalid user sami from 213.209.159.56 port 61680 ssh2
May 31 15:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: Received disconnect from 213.209.159.56 port 61680:11: Bye [preauth]
May 31 15:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: Disconnected from 213.209.159.56 port 61680 [preauth]
May 31 15:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 15:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 15:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[869]: pam_unix(cron:session): session closed for user root
May 31 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2396]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2395]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2393]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2393]: pam_unix(cron:session): session closed for user p13x
May 31 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2460]: Successful su for rubyman by root
May 31 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2460]: + ??? root:rubyman
May 31 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430161 of user rubyman.
May 31 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2460]: pam_unix(su:session): session closed for user rubyman
May 31 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430161.
May 31 15:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31947]: pam_unix(cron:session): session closed for user root
May 31 15:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2394]: pam_unix(cron:session): session closed for user samftp
May 31 15:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
May 31 15:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2659]: Failed password for root from 193.37.70.224 port 37768 ssh2
May 31 15:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2659]: Connection closed by 193.37.70.224 port 37768 [preauth]
May 31 15:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: Invalid user debian from 20.203.42.204
May 31 15:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: input_userauth_request: invalid user debian [preauth]
May 31 15:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.203.42.204
May 31 15:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: Failed password for invalid user debian from 20.203.42.204 port 50612 ssh2
May 31 15:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: Received disconnect from 20.203.42.204 port 50612:11: Bye Bye [preauth]
May 31 15:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: Disconnected from 20.203.42.204 port 50612 [preauth]
May 31 15:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: Invalid user cumulus from 202.133.90.219
May 31 15:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: input_userauth_request: invalid user cumulus [preauth]
May 31 15:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: Failed password for invalid user cumulus from 202.133.90.219 port 44540 ssh2
May 31 15:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: Connection closed by 202.133.90.219 port 44540 [preauth]
May 31 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1377]: pam_unix(cron:session): session closed for user root
May 31 15:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.100  user=root
May 31 15:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: Failed password for root from 193.24.211.100 port 23218 ssh2
May 31 15:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: Received disconnect from 193.24.211.100 port 23218:11: Client disconnecting normally [preauth]
May 31 15:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: Disconnected from 193.24.211.100 port 23218 [preauth]
May 31 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2835]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2834]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2832]: pam_unix(cron:session): session closed for user p13x
May 31 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2892]: Successful su for rubyman by root
May 31 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2892]: + ??? root:rubyman
May 31 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430167 of user rubyman.
May 31 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2892]: pam_unix(su:session): session closed for user rubyman
May 31 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430167.
May 31 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32353]: pam_unix(cron:session): session closed for user root
May 31 15:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2833]: pam_unix(cron:session): session closed for user samftp
May 31 15:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
May 31 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3072]: Failed password for root from 103.82.132.16 port 48382 ssh2
May 31 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3072]: Connection closed by 103.82.132.16 port 48382 [preauth]
May 31 15:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1924]: pam_unix(cron:session): session closed for user root
May 31 15:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: Invalid user bpadmin from 202.133.90.219
May 31 15:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: input_userauth_request: invalid user bpadmin [preauth]
May 31 15:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: Failed password for invalid user bpadmin from 202.133.90.219 port 42668 ssh2
May 31 15:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: Connection closed by 202.133.90.219 port 42668 [preauth]
May 31 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3226]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3223]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3224]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3222]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3226]: pam_unix(cron:session): session closed for user root
May 31 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3220]: pam_unix(cron:session): session closed for user p13x
May 31 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3292]: Successful su for rubyman by root
May 31 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3292]: + ??? root:rubyman
May 31 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430171 of user rubyman.
May 31 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3292]: pam_unix(su:session): session closed for user rubyman
May 31 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430171.
May 31 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[311]: pam_unix(cron:session): session closed for user root
May 31 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3222]: pam_unix(cron:session): session closed for user root
May 31 15:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3221]: pam_unix(cron:session): session closed for user samftp
May 31 15:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: Invalid user sol from 80.94.92.186
May 31 15:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: input_userauth_request: invalid user sol [preauth]
May 31 15:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 15:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.203.42.204  user=root
May 31 15:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: Failed password for invalid user sol from 80.94.92.186 port 48486 ssh2
May 31 15:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: Connection closed by 80.94.92.186 port 48486 [preauth]
May 31 15:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3525]: Failed password for root from 20.203.42.204 port 59200 ssh2
May 31 15:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3525]: Received disconnect from 20.203.42.204 port 59200:11: Bye Bye [preauth]
May 31 15:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3525]: Disconnected from 20.203.42.204 port 59200 [preauth]
May 31 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2396]: pam_unix(cron:session): session closed for user root
May 31 15:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: Invalid user apache from 202.133.90.219
May 31 15:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: input_userauth_request: invalid user apache [preauth]
May 31 15:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: Failed password for invalid user apache from 202.133.90.219 port 58822 ssh2
May 31 15:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: Connection closed by 202.133.90.219 port 58822 [preauth]
May 31 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3661]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3660]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3658]: pam_unix(cron:session): session closed for user p13x
May 31 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3820]: Successful su for rubyman by root
May 31 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3820]: + ??? root:rubyman
May 31 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430176 of user rubyman.
May 31 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3820]: pam_unix(su:session): session closed for user rubyman
May 31 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430176.
May 31 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[868]: pam_unix(cron:session): session closed for user root
May 31 15:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3659]: pam_unix(cron:session): session closed for user samftp
May 31 15:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.82.76.2  user=root
May 31 15:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: Failed password for root from 170.82.76.2 port 22424 ssh2
May 31 15:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: Connection closed by 170.82.76.2 port 22424 [preauth]
May 31 15:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2835]: pam_unix(cron:session): session closed for user root
May 31 15:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Invalid user user from 125.20.210.182
May 31 15:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: input_userauth_request: invalid user user [preauth]
May 31 15:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182
May 31 15:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Failed password for invalid user user from 125.20.210.182 port 41264 ssh2
May 31 15:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Connection closed by 125.20.210.182 port 41264 [preauth]
May 31 15:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: Invalid user activemq from 202.133.90.219
May 31 15:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: input_userauth_request: invalid user activemq [preauth]
May 31 15:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: Failed password for invalid user activemq from 202.133.90.219 port 44752 ssh2
May 31 15:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: Connection closed by 202.133.90.219 port 44752 [preauth]
May 31 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4262]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4261]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4259]: pam_unix(cron:session): session closed for user p13x
May 31 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4326]: Successful su for rubyman by root
May 31 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4326]: + ??? root:rubyman
May 31 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430179 of user rubyman.
May 31 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4326]: pam_unix(su:session): session closed for user rubyman
May 31 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430179.
May 31 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1376]: pam_unix(cron:session): session closed for user root
May 31 15:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4260]: pam_unix(cron:session): session closed for user samftp
May 31 15:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4505]: Invalid user report from 20.203.42.204
May 31 15:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4505]: input_userauth_request: invalid user report [preauth]
May 31 15:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4505]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.203.42.204
May 31 15:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4505]: Failed password for invalid user report from 20.203.42.204 port 57078 ssh2
May 31 15:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4505]: Received disconnect from 20.203.42.204 port 57078:11: Bye Bye [preauth]
May 31 15:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4505]: Disconnected from 20.203.42.204 port 57078 [preauth]
May 31 15:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.25.158.47  user=root
May 31 15:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: Failed password for root from 171.25.158.47 port 37198 ssh2
May 31 15:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: Received disconnect from 171.25.158.47 port 37198:11: Bye Bye [preauth]
May 31 15:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: Disconnected from 171.25.158.47 port 37198 [preauth]
May 31 15:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3224]: pam_unix(cron:session): session closed for user root
May 31 15:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4665]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4664]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4661]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4661]: pam_unix(cron:session): session closed for user p13x
May 31 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4723]: Successful su for rubyman by root
May 31 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4723]: + ??? root:rubyman
May 31 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430184 of user rubyman.
May 31 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4723]: pam_unix(su:session): session closed for user rubyman
May 31 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430184.
May 31 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: Invalid user user3 from 202.133.90.219
May 31 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: input_userauth_request: invalid user user3 [preauth]
May 31 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1923]: pam_unix(cron:session): session closed for user root
May 31 15:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: Failed password for invalid user user3 from 202.133.90.219 port 55828 ssh2
May 31 15:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4663]: pam_unix(cron:session): session closed for user samftp
May 31 15:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: Connection closed by 202.133.90.219 port 55828 [preauth]
May 31 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3661]: pam_unix(cron:session): session closed for user root
May 31 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5075]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5076]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5073]: pam_unix(cron:session): session closed for user p13x
May 31 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5131]: Successful su for rubyman by root
May 31 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5131]: + ??? root:rubyman
May 31 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430188 of user rubyman.
May 31 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5131]: pam_unix(su:session): session closed for user rubyman
May 31 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430188.
May 31 15:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2395]: pam_unix(cron:session): session closed for user root
May 31 15:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5074]: pam_unix(cron:session): session closed for user samftp
May 31 15:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: Invalid user ubuntu from 80.94.92.186
May 31 15:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: input_userauth_request: invalid user ubuntu [preauth]
May 31 15:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 15:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: Failed password for invalid user ubuntu from 80.94.92.186 port 51144 ssh2
May 31 15:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: Connection closed by 80.94.92.186 port 51144 [preauth]
May 31 15:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: Invalid user user1 from 202.133.90.219
May 31 15:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: input_userauth_request: invalid user user1 [preauth]
May 31 15:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: Failed password for invalid user user1 from 202.133.90.219 port 38040 ssh2
May 31 15:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: Connection closed by 202.133.90.219 port 38040 [preauth]
May 31 15:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5389]: Invalid user ubuntu from 20.203.42.204
May 31 15:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5389]: input_userauth_request: invalid user ubuntu [preauth]
May 31 15:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5389]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.203.42.204
May 31 15:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5389]: Failed password for invalid user ubuntu from 20.203.42.204 port 57210 ssh2
May 31 15:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5389]: Received disconnect from 20.203.42.204 port 57210:11: Bye Bye [preauth]
May 31 15:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5389]: Disconnected from 20.203.42.204 port 57210 [preauth]
May 31 15:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4262]: pam_unix(cron:session): session closed for user root
May 31 15:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.25.158.47  user=root
May 31 15:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5459]: Failed password for root from 171.25.158.47 port 57990 ssh2
May 31 15:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5459]: Received disconnect from 171.25.158.47 port 57990:11: Bye Bye [preauth]
May 31 15:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5459]: Disconnected from 171.25.158.47 port 57990 [preauth]
May 31 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5483]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5481]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5482]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5480]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5483]: pam_unix(cron:session): session closed for user root
May 31 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session closed for user p13x
May 31 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5546]: Successful su for rubyman by root
May 31 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5546]: + ??? root:rubyman
May 31 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430194 of user rubyman.
May 31 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5546]: pam_unix(su:session): session closed for user rubyman
May 31 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430194.
May 31 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5480]: pam_unix(cron:session): session closed for user root
May 31 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2834]: pam_unix(cron:session): session closed for user root
May 31 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5479]: pam_unix(cron:session): session closed for user samftp
May 31 15:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: Invalid user ubuntu from 202.133.90.219
May 31 15:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: input_userauth_request: invalid user ubuntu [preauth]
May 31 15:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: Failed password for invalid user ubuntu from 202.133.90.219 port 52384 ssh2
May 31 15:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: Connection closed by 202.133.90.219 port 52384 [preauth]
May 31 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4665]: pam_unix(cron:session): session closed for user root
May 31 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5890]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5891]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5888]: pam_unix(cron:session): session closed for user p13x
May 31 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5952]: Successful su for rubyman by root
May 31 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5952]: + ??? root:rubyman
May 31 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430197 of user rubyman.
May 31 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5952]: pam_unix(su:session): session closed for user rubyman
May 31 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430197.
May 31 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3223]: pam_unix(cron:session): session closed for user root
May 31 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5889]: pam_unix(cron:session): session closed for user samftp
May 31 15:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.25.158.47  user=root
May 31 15:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: Failed password for root from 171.25.158.47 port 39908 ssh2
May 31 15:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: Received disconnect from 171.25.158.47 port 39908:11: Bye Bye [preauth]
May 31 15:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: Disconnected from 171.25.158.47 port 39908 [preauth]
May 31 15:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5076]: pam_unix(cron:session): session closed for user root
May 31 15:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Invalid user ubuntu from 202.133.90.219
May 31 15:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: input_userauth_request: invalid user ubuntu [preauth]
May 31 15:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Failed password for invalid user ubuntu from 202.133.90.219 port 40580 ssh2
May 31 15:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Connection closed by 202.133.90.219 port 40580 [preauth]
May 31 15:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May 31 15:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: Failed password for root from 80.94.95.115 port 57184 ssh2
May 31 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: Connection closed by 80.94.95.115 port 57184 [preauth]
May 31 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6288]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6289]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6286]: pam_unix(cron:session): session closed for user p13x
May 31 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6350]: Successful su for rubyman by root
May 31 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6350]: + ??? root:rubyman
May 31 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430201 of user rubyman.
May 31 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6350]: pam_unix(su:session): session closed for user rubyman
May 31 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430201.
May 31 15:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3660]: pam_unix(cron:session): session closed for user root
May 31 15:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6287]: pam_unix(cron:session): session closed for user samftp
May 31 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5482]: pam_unix(cron:session): session closed for user root
May 31 15:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6609]: Invalid user tony from 171.25.158.47
May 31 15:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6609]: input_userauth_request: invalid user tony [preauth]
May 31 15:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6609]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.25.158.47
May 31 15:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6609]: Failed password for invalid user tony from 171.25.158.47 port 48092 ssh2
May 31 15:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6609]: Received disconnect from 171.25.158.47 port 48092:11: Bye Bye [preauth]
May 31 15:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6609]: Disconnected from 171.25.158.47 port 48092 [preauth]
May 31 15:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: Connection closed by 31.54.184.41 port 56018 [preauth]
May 31 15:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: Invalid user minima from 80.94.92.186
May 31 15:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: input_userauth_request: invalid user minima [preauth]
May 31 15:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 15:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: Failed password for invalid user minima from 80.94.92.186 port 53848 ssh2
May 31 15:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: Connection closed by 80.94.92.186 port 53848 [preauth]
May 31 15:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6648]: Invalid user testuser from 202.133.90.219
May 31 15:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6648]: input_userauth_request: invalid user testuser [preauth]
May 31 15:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6648]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6648]: Failed password for invalid user testuser from 202.133.90.219 port 40800 ssh2
May 31 15:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6648]: Connection closed by 202.133.90.219 port 40800 [preauth]
May 31 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6682]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6681]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6680]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6677]: pam_unix(cron:session): session closed for user p13x
May 31 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6748]: Successful su for rubyman by root
May 31 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6748]: + ??? root:rubyman
May 31 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430206 of user rubyman.
May 31 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6748]: pam_unix(su:session): session closed for user rubyman
May 31 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430206.
May 31 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4261]: pam_unix(cron:session): session closed for user root
May 31 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6680]: pam_unix(cron:session): session closed for user samftp
May 31 15:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.63.178  user=root
May 31 15:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 15:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6945]: Failed password for root from 62.133.63.178 port 33216 ssh2
May 31 15:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6945]: Connection closed by 62.133.63.178 port 33216 [preauth]
May 31 15:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: Failed password for root from 125.20.210.182 port 37000 ssh2
May 31 15:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: Connection closed by 125.20.210.182 port 37000 [preauth]
May 31 15:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5891]: pam_unix(cron:session): session closed for user root
May 31 15:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.197.250  user=root
May 31 15:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7170]: Failed password for root from 147.45.197.250 port 40188 ssh2
May 31 15:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7170]: Connection closed by 147.45.197.250 port 40188 [preauth]
May 31 15:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7180]: Invalid user test from 202.133.90.219
May 31 15:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7180]: input_userauth_request: invalid user test [preauth]
May 31 15:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7180]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 15:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7183]: Invalid user adam from 171.25.158.47
May 31 15:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7183]: input_userauth_request: invalid user adam [preauth]
May 31 15:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7183]: pam_unix(sshd:auth): check pass; user unknown
May 31 15:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.25.158.47
May 31 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7180]: Failed password for invalid user test from 202.133.90.219 port 44046 ssh2
May 31 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7200]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7201]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7199]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7195]: pam_unix(cron:session): session closed for user p13x
May 31 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7259]: Successful su for rubyman by root
May 31 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7259]: + ??? root:rubyman
May 31 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7183]: Failed password for invalid user adam from 171.25.158.47 port 34166 ssh2
May 31 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430209 of user rubyman.
May 31 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7259]: pam_unix(su:session): session closed for user rubyman
May 31 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430209.
May 31 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7180]: Connection closed by 202.133.90.219 port 44046 [preauth]
May 31 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7183]: Received disconnect from 171.25.158.47 port 34166:11: Bye Bye [preauth]
May 31 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7183]: Disconnected from 171.25.158.47 port 34166 [preauth]
May 31 15:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4664]: pam_unix(cron:session): session closed for user root
May 31 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7199]: pam_unix(cron:session): session closed for user samftp
May 31 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6289]: pam_unix(cron:session): session closed for user root
May 31 15:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 15:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
May 31 16:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7579]: Failed password for root from 103.27.238.114 port 46530 ssh2
May 31 16:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7579]: Connection closed by 103.27.238.114 port 46530 [preauth]
May 31 16:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
May 31 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7604]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7601]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7603]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7600]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7602]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7604]: pam_unix(cron:session): session closed for user root
May 31 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7600]: pam_unix(cron:session): session closed for user root
May 31 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7597]: pam_unix(cron:session): session closed for user p13x
May 31 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7784]: Successful su for rubyman by root
May 31 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7784]: + ??? root:rubyman
May 31 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430215 of user rubyman.
May 31 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7784]: pam_unix(su:session): session closed for user rubyman
May 31 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430215.
May 31 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7593]: Failed password for root from 109.237.96.109 port 57878 ssh2
May 31 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7593]: Connection closed by 109.237.96.109 port 57878 [preauth]
May 31 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7601]: pam_unix(cron:session): session closed for user root
May 31 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5075]: pam_unix(cron:session): session closed for user root
May 31 16:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7599]: pam_unix(cron:session): session closed for user samftp
May 31 16:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7975]: Invalid user testing from 202.133.90.219
May 31 16:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7975]: input_userauth_request: invalid user testing [preauth]
May 31 16:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7975]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 16:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7975]: Failed password for invalid user testing from 202.133.90.219 port 37938 ssh2
May 31 16:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
May 31 16:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7975]: Connection closed by 202.133.90.219 port 37938 [preauth]
May 31 16:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8003]: Failed password for root from 46.19.67.181 port 34202 ssh2
May 31 16:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8003]: Connection closed by 46.19.67.181 port 34202 [preauth]
May 31 16:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.25.158.47  user=root
May 31 16:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: Failed password for root from 171.25.158.47 port 53198 ssh2
May 31 16:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: Received disconnect from 171.25.158.47 port 53198:11: Bye Bye [preauth]
May 31 16:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: Disconnected from 171.25.158.47 port 53198 [preauth]
May 31 16:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: Invalid user facturacion from 67.207.84.8
May 31 16:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: input_userauth_request: invalid user facturacion [preauth]
May 31 16:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.207.84.8
May 31 16:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: Failed password for invalid user facturacion from 67.207.84.8 port 38554 ssh2
May 31 16:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: Connection closed by 67.207.84.8 port 38554 [preauth]
May 31 16:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6682]: pam_unix(cron:session): session closed for user root
May 31 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8185]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8184]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8182]: pam_unix(cron:session): session closed for user p13x
May 31 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8246]: Successful su for rubyman by root
May 31 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8246]: + ??? root:rubyman
May 31 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8246]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430221 of user rubyman.
May 31 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8246]: pam_unix(su:session): session closed for user rubyman
May 31 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430221.
May 31 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5481]: pam_unix(cron:session): session closed for user root
May 31 16:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8183]: pam_unix(cron:session): session closed for user samftp
May 31 16:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8424]: Invalid user validator from 80.94.92.186
May 31 16:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8424]: input_userauth_request: invalid user validator [preauth]
May 31 16:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8424]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 16:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8424]: Failed password for invalid user validator from 80.94.92.186 port 56516 ssh2
May 31 16:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8424]: Connection closed by 80.94.92.186 port 56516 [preauth]
May 31 16:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8464]: Invalid user test2 from 202.133.90.219
May 31 16:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8464]: input_userauth_request: invalid user test2 [preauth]
May 31 16:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8464]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 16:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8464]: Failed password for invalid user test2 from 202.133.90.219 port 54536 ssh2
May 31 16:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8464]: Connection closed by 202.133.90.219 port 54536 [preauth]
May 31 16:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7201]: pam_unix(cron:session): session closed for user root
May 31 16:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.25.158.47  user=root
May 31 16:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: Failed password for root from 171.25.158.47 port 57118 ssh2
May 31 16:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: Received disconnect from 171.25.158.47 port 57118:11: Bye Bye [preauth]
May 31 16:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: Disconnected from 171.25.158.47 port 57118 [preauth]
May 31 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8592]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8593]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8590]: pam_unix(cron:session): session closed for user p13x
May 31 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8649]: Successful su for rubyman by root
May 31 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8649]: + ??? root:rubyman
May 31 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430226 of user rubyman.
May 31 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8649]: pam_unix(su:session): session closed for user rubyman
May 31 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430226.
May 31 16:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5890]: pam_unix(cron:session): session closed for user root
May 31 16:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8591]: pam_unix(cron:session): session closed for user samftp
May 31 16:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: Connection closed by 45.148.10.121 port 51020 [preauth]
May 31 16:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: Invalid user test1 from 202.133.90.219
May 31 16:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: input_userauth_request: invalid user test1 [preauth]
May 31 16:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 16:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: Failed password for invalid user test1 from 202.133.90.219 port 43454 ssh2
May 31 16:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: Connection closed by 202.133.90.219 port 43454 [preauth]
May 31 16:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7603]: pam_unix(cron:session): session closed for user root
May 31 16:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.25.158.47  user=root
May 31 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8989]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8990]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8987]: pam_unix(cron:session): session closed for user p13x
May 31 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9051]: Successful su for rubyman by root
May 31 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9051]: + ??? root:rubyman
May 31 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430228 of user rubyman.
May 31 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9051]: pam_unix(su:session): session closed for user rubyman
May 31 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430228.
May 31 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: Failed password for root from 171.25.158.47 port 57992 ssh2
May 31 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: Received disconnect from 171.25.158.47 port 57992:11: Bye Bye [preauth]
May 31 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: Disconnected from 171.25.158.47 port 57992 [preauth]
May 31 16:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6288]: pam_unix(cron:session): session closed for user root
May 31 16:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8988]: pam_unix(cron:session): session closed for user samftp
May 31 16:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8185]: pam_unix(cron:session): session closed for user root
May 31 16:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: Invalid user student from 202.133.90.219
May 31 16:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: input_userauth_request: invalid user student [preauth]
May 31 16:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 16:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: Failed password for invalid user student from 202.133.90.219 port 35148 ssh2
May 31 16:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: Connection closed by 202.133.90.219 port 35148 [preauth]
May 31 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9380]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9381]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9378]: pam_unix(cron:session): session closed for user p13x
May 31 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9438]: Successful su for rubyman by root
May 31 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9438]: + ??? root:rubyman
May 31 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9438]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430232 of user rubyman.
May 31 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9438]: pam_unix(su:session): session closed for user rubyman
May 31 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430232.
May 31 16:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6681]: pam_unix(cron:session): session closed for user root
May 31 16:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9379]: pam_unix(cron:session): session closed for user samftp
May 31 16:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
May 31 16:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: Failed password for root from 103.149.28.157 port 35560 ssh2
May 31 16:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: Connection closed by 103.149.28.157 port 35560 [preauth]
May 31 16:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: User daemon from 171.25.158.47 not allowed because not listed in AllowUsers
May 31 16:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: input_userauth_request: invalid user daemon [preauth]
May 31 16:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.25.158.47  user=daemon
May 31 16:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9649]: Invalid user admin from 125.20.210.182
May 31 16:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9649]: input_userauth_request: invalid user admin [preauth]
May 31 16:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9649]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182
May 31 16:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: Failed password for invalid user daemon from 171.25.158.47 port 33862 ssh2
May 31 16:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: Received disconnect from 171.25.158.47 port 33862:11: Bye Bye [preauth]
May 31 16:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: Disconnected from 171.25.158.47 port 33862 [preauth]
May 31 16:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9649]: Failed password for invalid user admin from 125.20.210.182 port 54344 ssh2
May 31 16:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9649]: Connection closed by 125.20.210.182 port 54344 [preauth]
May 31 16:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8593]: pam_unix(cron:session): session closed for user root
May 31 16:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
May 31 16:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: Failed password for root from 147.45.199.80 port 57176 ssh2
May 31 16:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: Connection closed by 147.45.199.80 port 57176 [preauth]
May 31 16:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: Invalid user eth from 80.94.92.186
May 31 16:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: input_userauth_request: invalid user eth [preauth]
May 31 16:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 16:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: Failed password for invalid user eth from 80.94.92.186 port 59190 ssh2
May 31 16:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: Connection closed by 80.94.92.186 port 59190 [preauth]
May 31 16:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: Invalid user samba from 202.133.90.219
May 31 16:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: input_userauth_request: invalid user samba [preauth]
May 31 16:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 16:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: Failed password for invalid user samba from 202.133.90.219 port 41084 ssh2
May 31 16:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: Connection closed by 202.133.90.219 port 41084 [preauth]
May 31 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9790]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9789]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9791]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9792]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9792]: pam_unix(cron:session): session closed for user root
May 31 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9787]: pam_unix(cron:session): session closed for user p13x
May 31 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9867]: Successful su for rubyman by root
May 31 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9867]: + ??? root:rubyman
May 31 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430239 of user rubyman.
May 31 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9867]: pam_unix(su:session): session closed for user rubyman
May 31 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430239.
May 31 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9789]: pam_unix(cron:session): session closed for user root
May 31 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7200]: pam_unix(cron:session): session closed for user root
May 31 16:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9788]: pam_unix(cron:session): session closed for user samftp
May 31 16:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
May 31 16:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
May 31 16:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10353]: Failed password for root from 103.27.238.116 port 40846 ssh2
May 31 16:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10353]: Connection closed by 103.27.238.116 port 40846 [preauth]
May 31 16:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: Failed password for root from 103.27.238.120 port 46636 ssh2
May 31 16:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: Connection closed by 103.27.238.120 port 46636 [preauth]
May 31 16:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8990]: pam_unix(cron:session): session closed for user root
May 31 16:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.25.158.47  user=root
May 31 16:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: Failed password for root from 171.25.158.47 port 40626 ssh2
May 31 16:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: Received disconnect from 171.25.158.47 port 40626:11: Bye Bye [preauth]
May 31 16:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: Disconnected from 171.25.158.47 port 40626 [preauth]
May 31 16:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
May 31 16:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10457]: Failed password for root from 77.94.47.83 port 40196 ssh2
May 31 16:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10457]: Connection closed by 77.94.47.83 port 40196 [preauth]
May 31 16:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10492]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10491]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10488]: pam_unix(cron:session): session closed for user p13x
May 31 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10558]: Successful su for rubyman by root
May 31 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10558]: + ??? root:rubyman
May 31 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430244 of user rubyman.
May 31 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10558]: pam_unix(su:session): session closed for user rubyman
May 31 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430244.
May 31 16:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7602]: pam_unix(cron:session): session closed for user root
May 31 16:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10489]: pam_unix(cron:session): session closed for user samftp
May 31 16:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: Failed password for root from 202.133.90.219 port 53554 ssh2
May 31 16:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: Connection closed by 202.133.90.219 port 53554 [preauth]
May 31 16:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9381]: pam_unix(cron:session): session closed for user root
May 31 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10925]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10926]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10923]: pam_unix(cron:session): session closed for user p13x
May 31 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10986]: Successful su for rubyman by root
May 31 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10986]: + ??? root:rubyman
May 31 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430248 of user rubyman.
May 31 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10986]: pam_unix(su:session): session closed for user rubyman
May 31 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430248.
May 31 16:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8184]: pam_unix(cron:session): session closed for user root
May 31 16:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10924]: pam_unix(cron:session): session closed for user samftp
May 31 16:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: Failed password for root from 202.133.90.219 port 41928 ssh2
May 31 16:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: Connection closed by 202.133.90.219 port 41928 [preauth]
May 31 16:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9791]: pam_unix(cron:session): session closed for user root
May 31 16:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: Did not receive identification string from 81.19.219.208
May 31 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11338]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11336]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11337]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11335]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11335]: pam_unix(cron:session): session closed for user p13x
May 31 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11398]: Successful su for rubyman by root
May 31 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11398]: + ??? root:rubyman
May 31 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430250 of user rubyman.
May 31 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11398]: pam_unix(su:session): session closed for user rubyman
May 31 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430250.
May 31 16:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8592]: pam_unix(cron:session): session closed for user root
May 31 16:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11336]: pam_unix(cron:session): session closed for user samftp
May 31 16:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11599]: Invalid user ethereum from 80.94.92.186
May 31 16:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11599]: input_userauth_request: invalid user ethereum [preauth]
May 31 16:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11599]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.186
May 31 16:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11599]: Failed password for invalid user ethereum from 80.94.92.186 port 33600 ssh2
May 31 16:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11599]: Connection closed by 80.94.92.186 port 33600 [preauth]
May 31 16:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10492]: pam_unix(cron:session): session closed for user root
May 31 16:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11653]: Failed password for root from 202.133.90.219 port 57912 ssh2
May 31 16:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11653]: Connection closed by 202.133.90.219 port 57912 [preauth]
May 31 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11759]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11760]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11753]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11755]: pam_unix(cron:session): session closed for user p13x
May 31 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11895]: Successful su for rubyman by root
May 31 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11895]: + ??? root:rubyman
May 31 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430257 of user rubyman.
May 31 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11895]: pam_unix(su:session): session closed for user rubyman
May 31 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430257.
May 31 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11753]: pam_unix(cron:session): session closed for user root
May 31 16:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8989]: pam_unix(cron:session): session closed for user root
May 31 16:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11758]: pam_unix(cron:session): session closed for user samftp
May 31 16:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10926]: pam_unix(cron:session): session closed for user root
May 31 16:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: Failed password for root from 202.133.90.219 port 44094 ssh2
May 31 16:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 16:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: Connection closed by 202.133.90.219 port 44094 [preauth]
May 31 16:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
May 31 16:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: Failed password for root from 38.93.206.2 port 15484 ssh2
May 31 16:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: Connection closed by 38.93.206.2 port 15484 [preauth]
May 31 16:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12388]: Failed password for root from 103.153.68.219 port 59958 ssh2
May 31 16:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12388]: Connection closed by 103.153.68.219 port 59958 [preauth]
May 31 16:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12391]: Invalid user admin from 80.94.95.116
May 31 16:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12391]: input_userauth_request: invalid user admin [preauth]
May 31 16:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12391]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May 31 16:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12391]: Failed password for invalid user admin from 80.94.95.116 port 60740 ssh2
May 31 16:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12391]: Connection closed by 80.94.95.116 port 60740 [preauth]
May 31 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12428]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12426]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12429]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12427]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12429]: pam_unix(cron:session): session closed for user root
May 31 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12423]: pam_unix(cron:session): session closed for user p13x
May 31 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12497]: Successful su for rubyman by root
May 31 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12497]: + ??? root:rubyman
May 31 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430259 of user rubyman.
May 31 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12497]: pam_unix(su:session): session closed for user rubyman
May 31 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430259.
May 31 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9380]: pam_unix(cron:session): session closed for user root
May 31 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12426]: pam_unix(cron:session): session closed for user root
May 31 16:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12425]: pam_unix(cron:session): session closed for user samftp
May 31 16:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11338]: pam_unix(cron:session): session closed for user root
May 31 16:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Failed password for root from 202.133.90.219 port 55388 ssh2
May 31 16:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Connection closed by 202.133.90.219 port 55388 [preauth]
May 31 16:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.98.239  user=root
May 31 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12878]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12879]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12875]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12875]: pam_unix(cron:session): session closed for user p13x
May 31 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: Failed password for root from 94.159.98.239 port 50874 ssh2
May 31 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12944]: Successful su for rubyman by root
May 31 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12944]: + ??? root:rubyman
May 31 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430266 of user rubyman.
May 31 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12944]: pam_unix(su:session): session closed for user rubyman
May 31 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430266.
May 31 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: Connection closed by 94.159.98.239 port 50874 [preauth]
May 31 16:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9790]: pam_unix(cron:session): session closed for user root
May 31 16:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12877]: pam_unix(cron:session): session closed for user samftp
May 31 16:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12846]: Invalid user cirros from 125.20.210.182
May 31 16:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12846]: input_userauth_request: invalid user cirros [preauth]
May 31 16:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12846]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182
May 31 16:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12846]: Failed password for invalid user cirros from 125.20.210.182 port 47154 ssh2
May 31 16:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12846]: Connection closed by 125.20.210.182 port 47154 [preauth]
May 31 16:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11760]: pam_unix(cron:session): session closed for user root
May 31 16:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13274]: Failed password for root from 202.133.90.219 port 44560 ssh2
May 31 16:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13274]: Connection closed by 202.133.90.219 port 44560 [preauth]
May 31 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13300]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13299]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13296]: pam_unix(cron:session): session closed for user p13x
May 31 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13356]: Successful su for rubyman by root
May 31 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13356]: + ??? root:rubyman
May 31 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430270 of user rubyman.
May 31 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13356]: pam_unix(su:session): session closed for user rubyman
May 31 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430270.
May 31 16:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10491]: pam_unix(cron:session): session closed for user root
May 31 16:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13297]: pam_unix(cron:session): session closed for user samftp
May 31 16:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12428]: pam_unix(cron:session): session closed for user root
May 31 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13675]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13673]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13674]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13672]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13672]: pam_unix(cron:session): session closed for user p13x
May 31 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13742]: Successful su for rubyman by root
May 31 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13742]: + ??? root:rubyman
May 31 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13742]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430273 of user rubyman.
May 31 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13742]: pam_unix(su:session): session closed for user rubyman
May 31 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430273.
May 31 16:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10925]: pam_unix(cron:session): session closed for user root
May 31 16:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13673]: pam_unix(cron:session): session closed for user samftp
May 31 16:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13920]: Failed password for root from 202.133.90.219 port 43014 ssh2
May 31 16:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13920]: Connection closed by 202.133.90.219 port 43014 [preauth]
May 31 16:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12879]: pam_unix(cron:session): session closed for user root
May 31 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14075]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14076]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14073]: pam_unix(cron:session): session closed for user p13x
May 31 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14136]: Successful su for rubyman by root
May 31 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14136]: + ??? root:rubyman
May 31 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430278 of user rubyman.
May 31 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14136]: pam_unix(su:session): session closed for user rubyman
May 31 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430278.
May 31 16:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11337]: pam_unix(cron:session): session closed for user root
May 31 16:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14074]: pam_unix(cron:session): session closed for user samftp
May 31 16:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: Failed password for root from 202.133.90.219 port 43294 ssh2
May 31 16:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13300]: pam_unix(cron:session): session closed for user root
May 31 16:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: Connection closed by 202.133.90.219 port 43294 [preauth]
May 31 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14460]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14459]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14461]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session closed for user root
May 31 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14457]: pam_unix(cron:session): session closed for user p13x
May 31 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14527]: Successful su for rubyman by root
May 31 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14527]: + ??? root:rubyman
May 31 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430285 of user rubyman.
May 31 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14527]: pam_unix(su:session): session closed for user rubyman
May 31 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430285.
May 31 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14459]: pam_unix(cron:session): session closed for user root
May 31 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11759]: pam_unix(cron:session): session closed for user root
May 31 16:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14458]: pam_unix(cron:session): session closed for user samftp
May 31 16:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13675]: pam_unix(cron:session): session closed for user root
May 31 16:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14920]: Failed password for root from 202.133.90.219 port 39450 ssh2
May 31 16:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14920]: Connection closed by 202.133.90.219 port 39450 [preauth]
May 31 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14975]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14972]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14970]: pam_unix(cron:session): session closed for user p13x
May 31 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15039]: Successful su for rubyman by root
May 31 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15039]: + ??? root:rubyman
May 31 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430289 of user rubyman.
May 31 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15039]: pam_unix(su:session): session closed for user rubyman
May 31 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430289.
May 31 16:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12427]: pam_unix(cron:session): session closed for user root
May 31 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14971]: pam_unix(cron:session): session closed for user samftp
May 31 16:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 16:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: Received disconnect from 103.149.26.43 port 49498:11: disconnected by user [preauth]
May 31 16:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: Disconnected from 103.149.26.43 port 49498 [preauth]
May 31 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14076]: pam_unix(cron:session): session closed for user root
May 31 16:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: Failed password for root from 202.133.90.219 port 40778 ssh2
May 31 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: Connection closed by 202.133.90.219 port 40778 [preauth]
May 31 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15387]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15386]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15382]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15382]: pam_unix(cron:session): session closed for user root
May 31 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15384]: pam_unix(cron:session): session closed for user p13x
May 31 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15445]: Successful su for rubyman by root
May 31 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15445]: + ??? root:rubyman
May 31 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430291 of user rubyman.
May 31 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15445]: pam_unix(su:session): session closed for user rubyman
May 31 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430291.
May 31 16:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12878]: pam_unix(cron:session): session closed for user root
May 31 16:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15385]: pam_unix(cron:session): session closed for user samftp
May 31 16:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14461]: pam_unix(cron:session): session closed for user root
May 31 16:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 16:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15681]: Failed password for root from 125.20.210.182 port 57742 ssh2
May 31 16:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15681]: Connection closed by 125.20.210.182 port 57742 [preauth]
May 31 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15772]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15773]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15770]: pam_unix(cron:session): session closed for user p13x
May 31 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15829]: Successful su for rubyman by root
May 31 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15829]: + ??? root:rubyman
May 31 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430296 of user rubyman.
May 31 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15829]: pam_unix(su:session): session closed for user rubyman
May 31 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430296.
May 31 16:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13299]: pam_unix(cron:session): session closed for user root
May 31 16:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15771]: pam_unix(cron:session): session closed for user samftp
May 31 16:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: Invalid user user from 2.57.121.25
May 31 16:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: input_userauth_request: invalid user user [preauth]
May 31 16:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 16:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: Failed password for invalid user user from 2.57.121.25 port 8536 ssh2
May 31 16:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: Failed password for invalid user user from 2.57.121.25 port 8536 ssh2
May 31 16:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16002]: Failed password for root from 202.133.90.219 port 40898 ssh2
May 31 16:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16002]: Connection closed by 202.133.90.219 port 40898 [preauth]
May 31 16:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: Failed password for invalid user user from 2.57.121.25 port 8536 ssh2
May 31 16:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: Failed password for invalid user user from 2.57.121.25 port 8536 ssh2
May 31 16:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: Failed password for invalid user user from 2.57.121.25 port 8536 ssh2
May 31 16:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: Received disconnect from 2.57.121.25 port 8536:11: Bye [preauth]
May 31 16:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: Disconnected from 2.57.121.25 port 8536 [preauth]
May 31 16:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 16:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 16:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14975]: pam_unix(cron:session): session closed for user root
May 31 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16151]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16150]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16148]: pam_unix(cron:session): session closed for user p13x
May 31 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16213]: Successful su for rubyman by root
May 31 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16213]: + ??? root:rubyman
May 31 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430300 of user rubyman.
May 31 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16213]: pam_unix(su:session): session closed for user rubyman
May 31 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430300.
May 31 16:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13674]: pam_unix(cron:session): session closed for user root
May 31 16:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16149]: pam_unix(cron:session): session closed for user samftp
May 31 16:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
May 31 16:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16394]: Failed password for root from 103.82.20.28 port 37818 ssh2
May 31 16:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16394]: Connection closed by 103.82.20.28 port 37818 [preauth]
May 31 16:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16417]: Failed password for root from 202.133.90.219 port 36908 ssh2
May 31 16:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16417]: Connection closed by 202.133.90.219 port 36908 [preauth]
May 31 16:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15387]: pam_unix(cron:session): session closed for user root
May 31 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16550]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16551]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16549]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16552]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16552]: pam_unix(cron:session): session closed for user root
May 31 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16547]: pam_unix(cron:session): session closed for user p13x
May 31 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16613]: Successful su for rubyman by root
May 31 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16613]: + ??? root:rubyman
May 31 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430306 of user rubyman.
May 31 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16613]: pam_unix(su:session): session closed for user rubyman
May 31 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430306.
May 31 16:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16549]: pam_unix(cron:session): session closed for user root
May 31 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16760]: Invalid user pallidness from 173.254.234.162
May 31 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16760]: input_userauth_request: invalid user pallidness [preauth]
May 31 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16760]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14075]: pam_unix(cron:session): session closed for user root
May 31 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16760]: Failed password for invalid user pallidness from 173.254.234.162 port 38890 ssh2
May 31 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16760]: Connection closed by 173.254.234.162 port 38890 [preauth]
May 31 16:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16548]: pam_unix(cron:session): session closed for user samftp
May 31 16:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: Invalid user test from 80.94.95.115
May 31 16:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: input_userauth_request: invalid user test [preauth]
May 31 16:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May 31 16:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: Failed password for invalid user test from 80.94.95.115 port 26204 ssh2
May 31 16:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: Connection closed by 80.94.95.115 port 26204 [preauth]
May 31 16:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: Invalid user admin from 2.57.121.112
May 31 16:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: input_userauth_request: invalid user admin [preauth]
May 31 16:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 16:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: Failed password for invalid user admin from 2.57.121.112 port 60250 ssh2
May 31 16:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: Failed password for invalid user admin from 2.57.121.112 port 60250 ssh2
May 31 16:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: Failed password for invalid user admin from 2.57.121.112 port 60250 ssh2
May 31 16:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: Failed password for invalid user admin from 2.57.121.112 port 60250 ssh2
May 31 16:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16870]: Failed password for root from 202.133.90.219 port 43154 ssh2
May 31 16:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16870]: Connection closed by 202.133.90.219 port 43154 [preauth]
May 31 16:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15773]: pam_unix(cron:session): session closed for user root
May 31 16:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: Failed password for invalid user admin from 2.57.121.112 port 60250 ssh2
May 31 16:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: Received disconnect from 2.57.121.112 port 60250:11: Bye [preauth]
May 31 16:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: Disconnected from 2.57.121.112 port 60250 [preauth]
May 31 16:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 16:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 16:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16948]: Received disconnect from 51.75.149.221 port 50734:11: disconnected by user [preauth]
May 31 16:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16948]: Disconnected from 51.75.149.221 port 50734 [preauth]
May 31 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16972]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16971]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16969]: pam_unix(cron:session): session closed for user p13x
May 31 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17036]: Successful su for rubyman by root
May 31 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17036]: + ??? root:rubyman
May 31 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430311 of user rubyman.
May 31 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17036]: pam_unix(su:session): session closed for user rubyman
May 31 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430311.
May 31 16:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14460]: pam_unix(cron:session): session closed for user root
May 31 16:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16970]: pam_unix(cron:session): session closed for user samftp
May 31 16:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16151]: pam_unix(cron:session): session closed for user root
May 31 16:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.100  user=root
May 31 16:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: Failed password for root from 202.133.90.219 port 45264 ssh2
May 31 16:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17320]: Failed password for root from 193.24.211.100 port 43666 ssh2
May 31 16:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17320]: Received disconnect from 193.24.211.100 port 43666:11: Client disconnecting normally [preauth]
May 31 16:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17320]: Disconnected from 193.24.211.100 port 43666 [preauth]
May 31 16:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: Connection closed by 202.133.90.219 port 45264 [preauth]
May 31 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17375]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17374]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17372]: pam_unix(cron:session): session closed for user p13x
May 31 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17437]: Successful su for rubyman by root
May 31 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17437]: + ??? root:rubyman
May 31 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17437]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430314 of user rubyman.
May 31 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17437]: pam_unix(su:session): session closed for user rubyman
May 31 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430314.
May 31 16:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.203.163.10  user=root
May 31 16:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14972]: pam_unix(cron:session): session closed for user root
May 31 16:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: Failed password for root from 189.203.163.10 port 60732 ssh2
May 31 16:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: Received disconnect from 189.203.163.10 port 60732:11: Bye Bye [preauth]
May 31 16:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: Disconnected from 189.203.163.10 port 60732 [preauth]
May 31 16:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17373]: pam_unix(cron:session): session closed for user samftp
May 31 16:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16551]: pam_unix(cron:session): session closed for user root
May 31 16:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17832]: Failed password for root from 202.133.90.219 port 53490 ssh2
May 31 16:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17832]: Connection closed by 202.133.90.219 port 53490 [preauth]
May 31 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17860]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17859]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17858]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17857]: pam_unix(cron:session): session closed for user p13x
May 31 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17920]: Successful su for rubyman by root
May 31 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17920]: + ??? root:rubyman
May 31 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430319 of user rubyman.
May 31 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17920]: pam_unix(su:session): session closed for user rubyman
May 31 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430319.
May 31 16:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15386]: pam_unix(cron:session): session closed for user root
May 31 16:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17858]: pam_unix(cron:session): session closed for user samftp
May 31 16:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16972]: pam_unix(cron:session): session closed for user root
May 31 16:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
May 31 16:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18254]: Failed password for root from 51.250.105.222 port 59278 ssh2
May 31 16:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18254]: Connection closed by 51.250.105.222 port 59278 [preauth]
May 31 16:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 16:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18256]: Failed password for root from 125.20.210.182 port 48166 ssh2
May 31 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18278]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18279]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18276]: pam_unix(cron:session): session closed for user p13x
May 31 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18343]: Successful su for rubyman by root
May 31 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18343]: + ??? root:rubyman
May 31 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430323 of user rubyman.
May 31 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18343]: pam_unix(su:session): session closed for user rubyman
May 31 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430323.
May 31 16:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18256]: Connection closed by 125.20.210.182 port 48166 [preauth]
May 31 16:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15772]: pam_unix(cron:session): session closed for user root
May 31 16:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18277]: pam_unix(cron:session): session closed for user samftp
May 31 16:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18267]: Failed password for root from 202.133.90.219 port 55142 ssh2
May 31 16:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18267]: Connection closed by 202.133.90.219 port 55142 [preauth]
May 31 16:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
May 31 16:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: Failed password for root from 194.113.233.25 port 46602 ssh2
May 31 16:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: Connection closed by 194.113.233.25 port 46602 [preauth]
May 31 16:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17375]: pam_unix(cron:session): session closed for user root
May 31 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18773]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18770]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18769]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18774]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18772]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18775]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18775]: pam_unix(cron:session): session closed for user root
May 31 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18769]: pam_unix(cron:session): session closed for user p13x
May 31 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18855]: Successful su for rubyman by root
May 31 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18855]: + ??? root:rubyman
May 31 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430327 of user rubyman.
May 31 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18855]: pam_unix(su:session): session closed for user rubyman
May 31 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430327.
May 31 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16150]: pam_unix(cron:session): session closed for user root
May 31 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18772]: pam_unix(cron:session): session closed for user root
May 31 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.228.128.84  user=root
May 31 16:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18770]: pam_unix(cron:session): session closed for user samftp
May 31 16:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19024]: Failed password for root from 193.228.128.84 port 49414 ssh2
May 31 16:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19024]: Connection closed by 193.228.128.84 port 49414 [preauth]
May 31 16:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Invalid user misha from 189.203.163.10
May 31 16:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: input_userauth_request: invalid user misha [preauth]
May 31 16:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.203.163.10
May 31 16:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Failed password for invalid user misha from 189.203.163.10 port 55578 ssh2
May 31 16:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Received disconnect from 189.203.163.10 port 55578:11: Bye Bye [preauth]
May 31 16:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Disconnected from 189.203.163.10 port 55578 [preauth]
May 31 16:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19069]: Failed password for root from 202.133.90.219 port 33910 ssh2
May 31 16:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19069]: Connection closed by 202.133.90.219 port 33910 [preauth]
May 31 16:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17860]: pam_unix(cron:session): session closed for user root
May 31 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19313]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19312]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19310]: pam_unix(cron:session): session closed for user p13x
May 31 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19378]: Successful su for rubyman by root
May 31 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19378]: + ??? root:rubyman
May 31 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430332 of user rubyman.
May 31 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19378]: pam_unix(su:session): session closed for user rubyman
May 31 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430332.
May 31 16:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16550]: pam_unix(cron:session): session closed for user root
May 31 16:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19311]: pam_unix(cron:session): session closed for user samftp
May 31 16:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
May 31 16:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: Failed password for root from 103.176.20.57 port 34020 ssh2
May 31 16:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: Connection closed by 103.176.20.57 port 34020 [preauth]
May 31 16:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
May 31 16:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19805]: Failed password for root from 202.133.90.219 port 36350 ssh2
May 31 16:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19805]: Connection closed by 202.133.90.219 port 36350 [preauth]
May 31 16:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: Failed password for root from 87.251.79.125 port 37602 ssh2
May 31 16:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: Connection closed by 87.251.79.125 port 37602 [preauth]
May 31 16:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18279]: pam_unix(cron:session): session closed for user root
May 31 16:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.203.163.10  user=root
May 31 16:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: Failed password for root from 189.203.163.10 port 48806 ssh2
May 31 16:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: Received disconnect from 189.203.163.10 port 48806:11: Bye Bye [preauth]
May 31 16:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: Disconnected from 189.203.163.10 port 48806 [preauth]
May 31 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19943]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19942]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19940]: pam_unix(cron:session): session closed for user p13x
May 31 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20002]: Successful su for rubyman by root
May 31 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20002]: + ??? root:rubyman
May 31 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430336 of user rubyman.
May 31 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20002]: pam_unix(su:session): session closed for user rubyman
May 31 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430336.
May 31 16:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16971]: pam_unix(cron:session): session closed for user root
May 31 16:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19941]: pam_unix(cron:session): session closed for user samftp
May 31 16:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18774]: pam_unix(cron:session): session closed for user root
May 31 16:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20376]: Invalid user pastramis from 67.207.84.8
May 31 16:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20376]: input_userauth_request: invalid user pastramis [preauth]
May 31 16:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: Failed password for root from 202.133.90.219 port 55012 ssh2
May 31 16:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20376]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.207.84.8
May 31 16:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: Connection closed by 202.133.90.219 port 55012 [preauth]
May 31 16:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20376]: Failed password for invalid user pastramis from 67.207.84.8 port 38492 ssh2
May 31 16:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20376]: Connection closed by 67.207.84.8 port 38492 [preauth]
May 31 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20439]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20440]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20437]: pam_unix(cron:session): session closed for user p13x
May 31 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20503]: Successful su for rubyman by root
May 31 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20503]: + ??? root:rubyman
May 31 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430342 of user rubyman.
May 31 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20503]: pam_unix(su:session): session closed for user rubyman
May 31 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430342.
May 31 16:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17374]: pam_unix(cron:session): session closed for user root
May 31 16:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20438]: pam_unix(cron:session): session closed for user samftp
May 31 16:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: Invalid user ghostuser from 189.203.163.10
May 31 16:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: input_userauth_request: invalid user ghostuser [preauth]
May 31 16:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.203.163.10
May 31 16:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: Failed password for invalid user ghostuser from 189.203.163.10 port 43360 ssh2
May 31 16:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: Received disconnect from 189.203.163.10 port 43360:11: Bye Bye [preauth]
May 31 16:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: Disconnected from 189.203.163.10 port 43360 [preauth]
May 31 16:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19313]: pam_unix(cron:session): session closed for user root
May 31 16:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.22.41  user=root
May 31 16:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Failed password for root from 202.133.90.219 port 56970 ssh2
May 31 16:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20921]: Failed password for root from 185.236.22.41 port 33156 ssh2
May 31 16:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20921]: Connection closed by 185.236.22.41 port 33156 [preauth]
May 31 16:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Connection closed by 202.133.90.219 port 56970 [preauth]
May 31 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20943]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20944]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20941]: pam_unix(cron:session): session closed for user p13x
May 31 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21000]: Successful su for rubyman by root
May 31 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21000]: + ??? root:rubyman
May 31 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430345 of user rubyman.
May 31 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21000]: pam_unix(su:session): session closed for user rubyman
May 31 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430345.
May 31 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
May 31 16:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17859]: pam_unix(cron:session): session closed for user root
May 31 16:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21021]: Failed password for root from 80.66.85.226 port 41740 ssh2
May 31 16:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21021]: Connection closed by 80.66.85.226 port 41740 [preauth]
May 31 16:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20942]: pam_unix(cron:session): session closed for user samftp
May 31 16:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
May 31 16:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21204]: Failed password for root from 45.148.10.121 port 36940 ssh2
May 31 16:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21204]: Connection closed by 45.148.10.121 port 36940 [preauth]
May 31 16:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19943]: pam_unix(cron:session): session closed for user root
May 31 16:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.203.163.10  user=root
May 31 16:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21285]: Failed password for root from 189.203.163.10 port 39194 ssh2
May 31 16:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21285]: Received disconnect from 189.203.163.10 port 39194:11: Bye Bye [preauth]
May 31 16:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21285]: Disconnected from 189.203.163.10 port 39194 [preauth]
May 31 16:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: Invalid user operator from 185.156.73.233
May 31 16:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: input_userauth_request: invalid user operator [preauth]
May 31 16:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: Failed none for invalid user operator from 185.156.73.233 port 44636 ssh2
May 31 16:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: Connection closed by 185.156.73.233 port 44636 [preauth]
May 31 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21356]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21357]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21355]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21358]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21358]: pam_unix(cron:session): session closed for user root
May 31 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21352]: pam_unix(cron:session): session closed for user p13x
May 31 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21424]: Successful su for rubyman by root
May 31 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21424]: + ??? root:rubyman
May 31 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430352 of user rubyman.
May 31 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21424]: pam_unix(su:session): session closed for user rubyman
May 31 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430352.
May 31 16:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21355]: pam_unix(cron:session): session closed for user root
May 31 16:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18278]: pam_unix(cron:session): session closed for user root
May 31 16:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21354]: pam_unix(cron:session): session closed for user samftp
May 31 16:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: Failed password for root from 202.133.90.219 port 58488 ssh2
May 31 16:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: Connection closed by 202.133.90.219 port 58488 [preauth]
May 31 16:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21683]: Invalid user admin from 125.20.210.182
May 31 16:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21683]: input_userauth_request: invalid user admin [preauth]
May 31 16:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21683]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182
May 31 16:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21683]: Failed password for invalid user admin from 125.20.210.182 port 43832 ssh2
May 31 16:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21683]: Connection closed by 125.20.210.182 port 43832 [preauth]
May 31 16:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20440]: pam_unix(cron:session): session closed for user root
May 31 16:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21792]: Connection closed by 194.59.206.2 port 22192 [preauth]
May 31 16:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: Invalid user test from 189.203.163.10
May 31 16:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: input_userauth_request: invalid user test [preauth]
May 31 16:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.203.163.10
May 31 16:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: Failed password for invalid user test from 189.203.163.10 port 53976 ssh2
May 31 16:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: Received disconnect from 189.203.163.10 port 53976:11: Bye Bye [preauth]
May 31 16:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: Disconnected from 189.203.163.10 port 53976 [preauth]
May 31 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21809]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21806]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21808]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21807]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21806]: pam_unix(cron:session): session closed for user p13x
May 31 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21876]: Successful su for rubyman by root
May 31 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21876]: + ??? root:rubyman
May 31 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430354 of user rubyman.
May 31 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21876]: pam_unix(su:session): session closed for user rubyman
May 31 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430354.
May 31 16:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18773]: pam_unix(cron:session): session closed for user root
May 31 16:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21807]: pam_unix(cron:session): session closed for user samftp
May 31 16:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22082]: Failed password for root from 202.133.90.219 port 50298 ssh2
May 31 16:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22082]: Connection closed by 202.133.90.219 port 50298 [preauth]
May 31 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20944]: pam_unix(cron:session): session closed for user root
May 31 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22218]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22217]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22215]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22215]: pam_unix(cron:session): session closed for user p13x
May 31 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22275]: Successful su for rubyman by root
May 31 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22275]: + ??? root:rubyman
May 31 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430358 of user rubyman.
May 31 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22275]: pam_unix(su:session): session closed for user rubyman
May 31 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430358.
May 31 16:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19312]: pam_unix(cron:session): session closed for user root
May 31 16:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22216]: pam_unix(cron:session): session closed for user samftp
May 31 16:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22471]: Invalid user composeruser from 189.203.163.10
May 31 16:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22471]: input_userauth_request: invalid user composeruser [preauth]
May 31 16:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22471]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.203.163.10
May 31 16:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22471]: Failed password for invalid user composeruser from 189.203.163.10 port 57082 ssh2
May 31 16:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22471]: Received disconnect from 189.203.163.10 port 57082:11: Bye Bye [preauth]
May 31 16:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22471]: Disconnected from 189.203.163.10 port 57082 [preauth]
May 31 16:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22490]: Failed password for root from 202.133.90.219 port 37360 ssh2
May 31 16:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22490]: Connection closed by 202.133.90.219 port 37360 [preauth]
May 31 16:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21357]: pam_unix(cron:session): session closed for user root
May 31 16:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
May 31 16:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
May 31 16:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22577]: Failed password for root from 37.233.85.71 port 45660 ssh2
May 31 16:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22577]: Connection closed by 37.233.85.71 port 45660 [preauth]
May 31 16:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22588]: Failed password for root from 103.122.221.179 port 49304 ssh2
May 31 16:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22588]: Connection closed by 103.122.221.179 port 49304 [preauth]
May 31 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22613]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22612]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22610]: pam_unix(cron:session): session closed for user p13x
May 31 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22668]: Successful su for rubyman by root
May 31 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22668]: + ??? root:rubyman
May 31 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430362 of user rubyman.
May 31 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22668]: pam_unix(su:session): session closed for user rubyman
May 31 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430362.
May 31 16:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19942]: pam_unix(cron:session): session closed for user root
May 31 16:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22611]: pam_unix(cron:session): session closed for user samftp
May 31 16:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.172.54.111  user=root
May 31 16:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22833]: Failed password for root from 109.172.54.111 port 47552 ssh2
May 31 16:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22833]: Connection closed by 109.172.54.111 port 47552 [preauth]
May 31 16:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21809]: pam_unix(cron:session): session closed for user root
May 31 16:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22957]: Invalid user ubuntu from 189.203.163.10
May 31 16:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22957]: input_userauth_request: invalid user ubuntu [preauth]
May 31 16:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22957]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.203.163.10
May 31 16:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22947]: Failed password for root from 202.133.90.219 port 45038 ssh2
May 31 16:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22947]: Connection closed by 202.133.90.219 port 45038 [preauth]
May 31 16:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22957]: Failed password for invalid user ubuntu from 189.203.163.10 port 41168 ssh2
May 31 16:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22957]: Received disconnect from 189.203.163.10 port 41168:11: Bye Bye [preauth]
May 31 16:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22957]: Disconnected from 189.203.163.10 port 41168 [preauth]
May 31 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23008]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23009]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23006]: pam_unix(cron:session): session closed for user p13x
May 31 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23063]: Successful su for rubyman by root
May 31 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23063]: + ??? root:rubyman
May 31 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23063]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430367 of user rubyman.
May 31 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23063]: pam_unix(su:session): session closed for user rubyman
May 31 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430367.
May 31 16:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20439]: pam_unix(cron:session): session closed for user root
May 31 16:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23007]: pam_unix(cron:session): session closed for user samftp
May 31 16:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
May 31 16:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23264]: Failed password for root from 147.45.211.215 port 49530 ssh2
May 31 16:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23264]: Connection closed by 147.45.211.215 port 49530 [preauth]
May 31 16:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22218]: pam_unix(cron:session): session closed for user root
May 31 16:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23377]: Failed password for root from 202.133.90.219 port 38996 ssh2
May 31 16:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23377]: Connection closed by 202.133.90.219 port 38996 [preauth]
May 31 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23411]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23410]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23407]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23408]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23411]: pam_unix(cron:session): session closed for user root
May 31 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23405]: pam_unix(cron:session): session closed for user p13x
May 31 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23473]: Successful su for rubyman by root
May 31 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23473]: + ??? root:rubyman
May 31 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430371 of user rubyman.
May 31 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23473]: pam_unix(su:session): session closed for user rubyman
May 31 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430371.
May 31 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23407]: pam_unix(cron:session): session closed for user root
May 31 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20943]: pam_unix(cron:session): session closed for user root
May 31 16:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23406]: pam_unix(cron:session): session closed for user samftp
May 31 16:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.203.163.10  user=root
May 31 16:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23688]: Failed password for root from 189.203.163.10 port 44032 ssh2
May 31 16:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23688]: Received disconnect from 189.203.163.10 port 44032:11: Bye Bye [preauth]
May 31 16:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23688]: Disconnected from 189.203.163.10 port 44032 [preauth]
May 31 16:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22613]: pam_unix(cron:session): session closed for user root
May 31 16:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23948]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23947]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23944]: pam_unix(cron:session): session closed for user p13x
May 31 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24015]: Successful su for rubyman by root
May 31 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24015]: + ??? root:rubyman
May 31 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24015]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430378 of user rubyman.
May 31 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24015]: pam_unix(su:session): session closed for user rubyman
May 31 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430378.
May 31 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21356]: pam_unix(cron:session): session closed for user root
May 31 16:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: Failed password for root from 202.133.90.219 port 49582 ssh2
May 31 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23945]: pam_unix(cron:session): session closed for user samftp
May 31 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: Connection closed by 202.133.90.219 port 49582 [preauth]
May 31 16:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
May 31 16:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24198]: Failed password for root from 103.15.222.183 port 47010 ssh2
May 31 16:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24198]: Connection closed by 103.15.222.183 port 47010 [preauth]
May 31 16:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.82.76.2  user=root
May 31 16:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24281]: Failed password for root from 170.82.76.2 port 48770 ssh2
May 31 16:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24281]: Connection closed by 170.82.76.2 port 48770 [preauth]
May 31 16:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23009]: pam_unix(cron:session): session closed for user root
May 31 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24384]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24383]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24381]: pam_unix(cron:session): session closed for user p13x
May 31 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24442]: Successful su for rubyman by root
May 31 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24442]: + ??? root:rubyman
May 31 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430380 of user rubyman.
May 31 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24442]: pam_unix(su:session): session closed for user rubyman
May 31 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430380.
May 31 16:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21808]: pam_unix(cron:session): session closed for user root
May 31 16:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24382]: pam_unix(cron:session): session closed for user samftp
May 31 16:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
May 31 16:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24642]: Failed password for root from 202.133.90.219 port 47396 ssh2
May 31 16:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: Failed password for root from 62.133.62.83 port 46906 ssh2
May 31 16:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: Connection closed by 62.133.62.83 port 46906 [preauth]
May 31 16:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 16:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24642]: Connection closed by 202.133.90.219 port 47396 [preauth]
May 31 16:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: Failed password for root from 125.20.210.182 port 43032 ssh2
May 31 16:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: Connection closed by 125.20.210.182 port 43032 [preauth]
May 31 16:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23410]: pam_unix(cron:session): session closed for user root
May 31 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24813]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24812]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24810]: pam_unix(cron:session): session closed for user p13x
May 31 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24868]: Successful su for rubyman by root
May 31 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24868]: + ??? root:rubyman
May 31 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430384 of user rubyman.
May 31 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24868]: pam_unix(su:session): session closed for user rubyman
May 31 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430384.
May 31 16:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22217]: pam_unix(cron:session): session closed for user root
May 31 16:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24811]: pam_unix(cron:session): session closed for user samftp
May 31 16:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25092]: Failed password for root from 202.133.90.219 port 43768 ssh2
May 31 16:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25092]: Connection closed by 202.133.90.219 port 43768 [preauth]
May 31 16:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23948]: pam_unix(cron:session): session closed for user root
May 31 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25218]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25215]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25213]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25217]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25215]: pam_unix(cron:session): session closed for user p13x
May 31 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25327]: Successful su for rubyman by root
May 31 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25327]: + ??? root:rubyman
May 31 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430388 of user rubyman.
May 31 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25327]: pam_unix(su:session): session closed for user rubyman
May 31 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430388.
May 31 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25213]: pam_unix(cron:session): session closed for user root
May 31 16:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22612]: pam_unix(cron:session): session closed for user root
May 31 16:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25216]: pam_unix(cron:session): session closed for user samftp
May 31 16:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24384]: pam_unix(cron:session): session closed for user root
May 31 16:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: Failed password for root from 202.133.90.219 port 58586 ssh2
May 31 16:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: Connection closed by 202.133.90.219 port 58586 [preauth]
May 31 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25700]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25704]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25701]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25702]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25704]: pam_unix(cron:session): session closed for user root
May 31 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25698]: pam_unix(cron:session): session closed for user p13x
May 31 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25766]: Successful su for rubyman by root
May 31 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25766]: + ??? root:rubyman
May 31 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430398 of user rubyman.
May 31 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25766]: pam_unix(su:session): session closed for user rubyman
May 31 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430398.
May 31 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23008]: pam_unix(cron:session): session closed for user root
May 31 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25700]: pam_unix(cron:session): session closed for user root
May 31 16:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25699]: pam_unix(cron:session): session closed for user samftp
May 31 16:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24813]: pam_unix(cron:session): session closed for user root
May 31 16:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: Invalid user pi from 80.94.95.116
May 31 16:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: input_userauth_request: invalid user pi [preauth]
May 31 16:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May 31 16:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: Failed password for invalid user pi from 80.94.95.116 port 22442 ssh2
May 31 16:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26065]: Failed password for root from 202.133.90.219 port 39466 ssh2
May 31 16:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: Connection closed by 80.94.95.116 port 22442 [preauth]
May 31 16:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26065]: Connection closed by 202.133.90.219 port 39466 [preauth]
May 31 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26123]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26124]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26122]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session closed for user p13x
May 31 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26190]: Successful su for rubyman by root
May 31 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26190]: + ??? root:rubyman
May 31 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430399 of user rubyman.
May 31 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26190]: pam_unix(su:session): session closed for user rubyman
May 31 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430399.
May 31 16:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23408]: pam_unix(cron:session): session closed for user root
May 31 16:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26122]: pam_unix(cron:session): session closed for user samftp
May 31 16:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25218]: pam_unix(cron:session): session closed for user root
May 31 16:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26508]: Failed password for root from 202.133.90.219 port 60414 ssh2
May 31 16:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26508]: Connection closed by 202.133.90.219 port 60414 [preauth]
May 31 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26529]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26531]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26527]: pam_unix(cron:session): session closed for user p13x
May 31 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26592]: Successful su for rubyman by root
May 31 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26592]: + ??? root:rubyman
May 31 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430404 of user rubyman.
May 31 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26592]: pam_unix(su:session): session closed for user rubyman
May 31 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430404.
May 31 16:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23947]: pam_unix(cron:session): session closed for user root
May 31 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26528]: pam_unix(cron:session): session closed for user samftp
May 31 16:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25702]: pam_unix(cron:session): session closed for user root
May 31 16:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27006]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27007]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27004]: pam_unix(cron:session): session closed for user p13x
May 31 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27065]: Successful su for rubyman by root
May 31 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27065]: + ??? root:rubyman
May 31 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430408 of user rubyman.
May 31 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27065]: pam_unix(su:session): session closed for user rubyman
May 31 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430408.
May 31 16:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24383]: pam_unix(cron:session): session closed for user root
May 31 16:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27005]: pam_unix(cron:session): session closed for user samftp
May 31 16:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27000]: Failed password for root from 202.133.90.219 port 49258 ssh2
May 31 16:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27000]: Connection closed by 202.133.90.219 port 49258 [preauth]
May 31 16:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26124]: pam_unix(cron:session): session closed for user root
May 31 16:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27399]: Invalid user rpc from 125.20.210.182
May 31 16:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27399]: input_userauth_request: invalid user rpc [preauth]
May 31 16:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27399]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182
May 31 16:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27399]: Failed password for invalid user rpc from 125.20.210.182 port 35234 ssh2
May 31 16:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27399]: Connection closed by 125.20.210.182 port 35234 [preauth]
May 31 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27430]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27431]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27426]: pam_unix(cron:session): session closed for user p13x
May 31 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27489]: Successful su for rubyman by root
May 31 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27489]: + ??? root:rubyman
May 31 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430412 of user rubyman.
May 31 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27489]: pam_unix(su:session): session closed for user rubyman
May 31 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430412.
May 31 16:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24812]: pam_unix(cron:session): session closed for user root
May 31 16:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27427]: pam_unix(cron:session): session closed for user samftp
May 31 16:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27677]: Failed password for root from 202.133.90.219 port 60658 ssh2
May 31 16:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27677]: Connection closed by 202.133.90.219 port 60658 [preauth]
May 31 16:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26531]: pam_unix(cron:session): session closed for user root
May 31 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27835]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27834]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27832]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27833]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27835]: pam_unix(cron:session): session closed for user root
May 31 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27830]: pam_unix(cron:session): session closed for user p13x
May 31 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27905]: Successful su for rubyman by root
May 31 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27905]: + ??? root:rubyman
May 31 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430417 of user rubyman.
May 31 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27905]: pam_unix(su:session): session closed for user rubyman
May 31 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430417.
May 31 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27832]: pam_unix(cron:session): session closed for user root
May 31 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25217]: pam_unix(cron:session): session closed for user root
May 31 16:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27831]: pam_unix(cron:session): session closed for user samftp
May 31 16:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
May 31 16:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28184]: Failed password for root from 193.37.70.224 port 59088 ssh2
May 31 16:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28184]: Connection closed by 193.37.70.224 port 59088 [preauth]
May 31 16:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: Failed password for root from 202.133.90.219 port 60758 ssh2
May 31 16:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: Connection closed by 202.133.90.219 port 60758 [preauth]
May 31 16:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27007]: pam_unix(cron:session): session closed for user root
May 31 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28332]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28331]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28329]: pam_unix(cron:session): session closed for user p13x
May 31 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28392]: Successful su for rubyman by root
May 31 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28392]: + ??? root:rubyman
May 31 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430422 of user rubyman.
May 31 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28392]: pam_unix(su:session): session closed for user rubyman
May 31 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430422.
May 31 16:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25701]: pam_unix(cron:session): session closed for user root
May 31 16:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28330]: pam_unix(cron:session): session closed for user samftp
May 31 16:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
May 31 16:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: Failed password for root from 103.172.78.219 port 56742 ssh2
May 31 16:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: Connection closed by 103.172.78.219 port 56742 [preauth]
May 31 16:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27431]: pam_unix(cron:session): session closed for user root
May 31 16:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28738]: Failed password for root from 202.133.90.219 port 39980 ssh2
May 31 16:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28738]: Connection closed by 202.133.90.219 port 39980 [preauth]
May 31 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28830]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28829]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28828]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28827]: pam_unix(cron:session): session closed for user p13x
May 31 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28886]: Successful su for rubyman by root
May 31 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28886]: + ??? root:rubyman
May 31 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430425 of user rubyman.
May 31 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28886]: pam_unix(su:session): session closed for user rubyman
May 31 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430425.
May 31 16:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26123]: pam_unix(cron:session): session closed for user root
May 31 16:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28828]: pam_unix(cron:session): session closed for user samftp
May 31 16:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27834]: pam_unix(cron:session): session closed for user root
May 31 16:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29173]: Failed password for root from 202.133.90.219 port 43786 ssh2
May 31 16:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29173]: Connection closed by 202.133.90.219 port 43786 [preauth]
May 31 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29227]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29228]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29225]: pam_unix(cron:session): session closed for user p13x
May 31 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29302]: Successful su for rubyman by root
May 31 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29302]: + ??? root:rubyman
May 31 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430430 of user rubyman.
May 31 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29302]: pam_unix(su:session): session closed for user rubyman
May 31 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430430.
May 31 16:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26529]: pam_unix(cron:session): session closed for user root
May 31 16:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29226]: pam_unix(cron:session): session closed for user samftp
May 31 16:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
May 31 16:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29517]: Failed password for root from 103.77.175.15 port 43526 ssh2
May 31 16:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29517]: Connection closed by 103.77.175.15 port 43526 [preauth]
May 31 16:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28332]: pam_unix(cron:session): session closed for user root
May 31 16:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.173.227.57  user=root
May 31 16:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29718]: Failed password for root from 103.173.227.57 port 52298 ssh2
May 31 16:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29718]: Connection closed by 103.173.227.57 port 52298 [preauth]
May 31 16:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29731]: Failed password for root from 202.133.90.219 port 46614 ssh2
May 31 16:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29731]: Connection closed by 202.133.90.219 port 46614 [preauth]
May 31 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29765]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29767]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29763]: pam_unix(cron:session): session closed for user p13x
May 31 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29834]: Successful su for rubyman by root
May 31 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29834]: + ??? root:rubyman
May 31 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430435 of user rubyman.
May 31 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29834]: pam_unix(su:session): session closed for user rubyman
May 31 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430435.
May 31 16:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27006]: pam_unix(cron:session): session closed for user root
May 31 16:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29764]: pam_unix(cron:session): session closed for user samftp
May 31 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28830]: pam_unix(cron:session): session closed for user root
May 31 16:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30196]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30195]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30194]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30193]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30196]: pam_unix(cron:session): session closed for user root
May 31 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30191]: pam_unix(cron:session): session closed for user p13x
May 31 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30258]: Successful su for rubyman by root
May 31 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30258]: + ??? root:rubyman
May 31 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430439 of user rubyman.
May 31 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30258]: pam_unix(su:session): session closed for user rubyman
May 31 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430439.
May 31 16:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30193]: pam_unix(cron:session): session closed for user root
May 31 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27430]: pam_unix(cron:session): session closed for user root
May 31 16:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30187]: Failed password for root from 202.133.90.219 port 34832 ssh2
May 31 16:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30192]: pam_unix(cron:session): session closed for user samftp
May 31 16:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30187]: Connection closed by 202.133.90.219 port 34832 [preauth]
May 31 16:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29228]: pam_unix(cron:session): session closed for user root
May 31 16:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May 31 16:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30542]: Failed password for root from 80.94.95.115 port 59796 ssh2
May 31 16:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30542]: Connection closed by 80.94.95.115 port 59796 [preauth]
May 31 16:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
May 31 16:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: Failed password for root from 176.32.39.21 port 58688 ssh2
May 31 16:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: Connection closed by 176.32.39.21 port 58688 [preauth]
May 31 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30652]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30651]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30649]: pam_unix(cron:session): session closed for user p13x
May 31 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30714]: Successful su for rubyman by root
May 31 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30714]: + ??? root:rubyman
May 31 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430443 of user rubyman.
May 31 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30714]: pam_unix(su:session): session closed for user rubyman
May 31 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430443.
May 31 16:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30553]: Failed password for root from 125.20.210.182 port 56864 ssh2
May 31 16:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30553]: Connection closed by 125.20.210.182 port 56864 [preauth]
May 31 16:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27833]: pam_unix(cron:session): session closed for user root
May 31 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30650]: pam_unix(cron:session): session closed for user samftp
May 31 16:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: Failed password for root from 202.133.90.219 port 52648 ssh2
May 31 16:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: Connection closed by 202.133.90.219 port 52648 [preauth]
May 31 16:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29767]: pam_unix(cron:session): session closed for user root
May 31 16:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 16:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31127]: Failed password for root from 38.93.206.2 port 37750 ssh2
May 31 16:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31127]: Connection closed by 38.93.206.2 port 37750 [preauth]
May 31 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31152]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31151]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31149]: pam_unix(cron:session): session closed for user p13x
May 31 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31206]: Successful su for rubyman by root
May 31 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31206]: + ??? root:rubyman
May 31 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430447 of user rubyman.
May 31 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31206]: pam_unix(su:session): session closed for user rubyman
May 31 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430447.
May 31 16:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28331]: pam_unix(cron:session): session closed for user root
May 31 16:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31150]: pam_unix(cron:session): session closed for user samftp
May 31 16:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31430]: Failed password for root from 202.133.90.219 port 36962 ssh2
May 31 16:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31430]: Connection closed by 202.133.90.219 port 36962 [preauth]
May 31 16:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: Invalid user dev from 168.220.237.171
May 31 16:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: input_userauth_request: invalid user dev [preauth]
May 31 16:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.220.237.171
May 31 16:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: Failed password for invalid user dev from 168.220.237.171 port 37412 ssh2
May 31 16:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: Connection closed by 168.220.237.171 port 37412 [preauth]
May 31 16:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30195]: pam_unix(cron:session): session closed for user root
May 31 16:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.108.118.91  user=root
May 31 16:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: Failed password for root from 89.108.118.91 port 34094 ssh2
May 31 16:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: Connection closed by 89.108.118.91 port 34094 [preauth]
May 31 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31654]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31653]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31651]: pam_unix(cron:session): session closed for user p13x
May 31 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31713]: Successful su for rubyman by root
May 31 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31713]: + ??? root:rubyman
May 31 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430451 of user rubyman.
May 31 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31713]: pam_unix(su:session): session closed for user rubyman
May 31 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430451.
May 31 16:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28829]: pam_unix(cron:session): session closed for user root
May 31 16:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31652]: pam_unix(cron:session): session closed for user samftp
May 31 16:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: Invalid user import from 173.254.234.162
May 31 16:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: input_userauth_request: invalid user import [preauth]
May 31 16:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 16:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: Failed password for invalid user import from 173.254.234.162 port 38892 ssh2
May 31 16:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: Connection closed by 173.254.234.162 port 38892 [preauth]
May 31 16:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31965]: Failed password for root from 202.133.90.219 port 42894 ssh2
May 31 16:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30652]: pam_unix(cron:session): session closed for user root
May 31 16:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31965]: Connection closed by 202.133.90.219 port 42894 [preauth]
May 31 16:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.170.125  user=root
May 31 16:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32055]: Failed password for root from 103.149.170.125 port 60084 ssh2
May 31 16:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32055]: Connection closed by 103.149.170.125 port 60084 [preauth]
May 31 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32080]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32079]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32078]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32077]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32077]: pam_unix(cron:session): session closed for user p13x
May 31 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32139]: Successful su for rubyman by root
May 31 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32139]: + ??? root:rubyman
May 31 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430456 of user rubyman.
May 31 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32139]: pam_unix(su:session): session closed for user rubyman
May 31 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430456.
May 31 16:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29227]: pam_unix(cron:session): session closed for user root
May 31 16:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32078]: pam_unix(cron:session): session closed for user samftp
May 31 16:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.100  user=root
May 31 16:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Failed password for root from 193.24.211.100 port 15461 ssh2
May 31 16:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Received disconnect from 193.24.211.100 port 15461:11: Client disconnecting normally [preauth]
May 31 16:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Disconnected from 193.24.211.100 port 15461 [preauth]
May 31 16:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31152]: pam_unix(cron:session): session closed for user root
May 31 16:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32423]: Failed password for root from 202.133.90.219 port 46244 ssh2
May 31 16:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32423]: Connection closed by 202.133.90.219 port 46244 [preauth]
May 31 16:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
May 31 16:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: Failed password for root from 103.77.242.62 port 37236 ssh2
May 31 16:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: Connection closed by 103.77.242.62 port 37236 [preauth]
May 31 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32487]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32485]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32484]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32487]: pam_unix(cron:session): session closed for user root
May 31 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32478]: pam_unix(cron:session): session closed for user p13x
May 31 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32552]: Successful su for rubyman by root
May 31 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32552]: + ??? root:rubyman
May 31 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430461 of user rubyman.
May 31 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32552]: pam_unix(su:session): session closed for user rubyman
May 31 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430461.
May 31 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29765]: pam_unix(cron:session): session closed for user root
May 31 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32484]: pam_unix(cron:session): session closed for user root
May 31 16:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32479]: pam_unix(cron:session): session closed for user samftp
May 31 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: Invalid user abc from 89.47.53.19
May 31 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: input_userauth_request: invalid user abc [preauth]
May 31 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.47.53.19
May 31 16:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: Failed password for invalid user abc from 89.47.53.19 port 50978 ssh2
May 31 16:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: Received disconnect from 89.47.53.19 port 50978:11: Bye Bye [preauth]
May 31 16:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: Disconnected from 89.47.53.19 port 50978 [preauth]
May 31 16:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31654]: pam_unix(cron:session): session closed for user root
May 31 16:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.197.250  user=root
May 31 16:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: Failed password for root from 147.45.197.250 port 47586 ssh2
May 31 16:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: Connection closed by 147.45.197.250 port 47586 [preauth]
May 31 16:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.49  user=root
May 31 16:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[590]: Failed password for root from 152.32.212.49 port 32936 ssh2
May 31 16:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: Failed password for root from 202.133.90.219 port 35318 ssh2
May 31 16:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[590]: Received disconnect from 152.32.212.49 port 32936:11: Bye Bye [preauth]
May 31 16:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[590]: Disconnected from 152.32.212.49 port 32936 [preauth]
May 31 16:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: Connection closed by 202.133.90.219 port 35318 [preauth]
May 31 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[605]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[606]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[603]: pam_unix(cron:session): session closed for user p13x
May 31 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[677]: Successful su for rubyman by root
May 31 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[677]: + ??? root:rubyman
May 31 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430468 of user rubyman.
May 31 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[677]: pam_unix(su:session): session closed for user rubyman
May 31 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430468.
May 31 16:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30194]: pam_unix(cron:session): session closed for user root
May 31 16:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[604]: pam_unix(cron:session): session closed for user samftp
May 31 16:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[941]: Invalid user ubuntu22 from 103.103.245.61
May 31 16:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[941]: input_userauth_request: invalid user ubuntu22 [preauth]
May 31 16:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[941]: pam_unix(sshd:auth): check pass; user unknown
May 31 16:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.103.245.61
May 31 16:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32080]: pam_unix(cron:session): session closed for user root
May 31 16:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[941]: Failed password for invalid user ubuntu22 from 103.103.245.61 port 59094 ssh2
May 31 16:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[941]: Received disconnect from 103.103.245.61 port 59094:11: Bye Bye [preauth]
May 31 16:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[941]: Disconnected from 103.103.245.61 port 59094 [preauth]
May 31 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1052]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1053]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1042]: pam_unix(cron:session): session closed for user p13x
May 31 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1128]: Successful su for rubyman by root
May 31 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1128]: + ??? root:rubyman
May 31 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430470 of user rubyman.
May 31 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1128]: pam_unix(su:session): session closed for user rubyman
May 31 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430470.
May 31 16:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30651]: pam_unix(cron:session): session closed for user root
May 31 16:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1050]: pam_unix(cron:session): session closed for user samftp
May 31 16:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1040]: Failed password for root from 202.133.90.219 port 58926 ssh2
May 31 16:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1040]: Connection closed by 202.133.90.219 port 58926 [preauth]
May 31 16:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
May 31 16:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: Failed password for root from 109.237.96.109 port 33024 ssh2
May 31 16:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: Connection closed by 109.237.96.109 port 33024 [preauth]
May 31 16:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 16:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1404]: Failed password for root from 125.20.210.182 port 40578 ssh2
May 31 16:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session closed for user root
May 31 16:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1404]: Connection closed by 125.20.210.182 port 40578 [preauth]
May 31 16:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
May 31 16:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1574]: Failed password for root from 103.82.132.16 port 48630 ssh2
May 31 16:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1574]: Connection closed by 103.82.132.16 port 48630 [preauth]
May 31 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1606]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1604]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1602]: pam_unix(cron:session): session closed for user p13x
May 31 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1675]: Successful su for rubyman by root
May 31 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1675]: + ??? root:rubyman
May 31 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430473 of user rubyman.
May 31 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1675]: pam_unix(su:session): session closed for user rubyman
May 31 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430473.
May 31 16:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31151]: pam_unix(cron:session): session closed for user root
May 31 16:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1603]: pam_unix(cron:session): session closed for user samftp
May 31 16:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1875]: Failed password for root from 202.133.90.219 port 46516 ssh2
May 31 16:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1875]: Connection closed by 202.133.90.219 port 46516 [preauth]
May 31 16:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[606]: pam_unix(cron:session): session closed for user root
May 31 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2094]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2095]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2093]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2092]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2092]: pam_unix(cron:session): session closed for user p13x
May 31 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2163]: Successful su for rubyman by root
May 31 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2163]: + ??? root:rubyman
May 31 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430479 of user rubyman.
May 31 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2163]: pam_unix(su:session): session closed for user rubyman
May 31 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430479.
May 31 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.212.136.3  user=root
May 31 16:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31653]: pam_unix(cron:session): session closed for user root
May 31 16:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: Failed password for root from 210.212.136.3 port 50102 ssh2
May 31 16:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2093]: pam_unix(cron:session): session closed for user samftp
May 31 16:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: Received disconnect from 210.212.136.3 port 50102:11: Bye Bye [preauth]
May 31 16:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: Disconnected from 210.212.136.3 port 50102 [preauth]
May 31 16:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 16:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 16:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Failed password for root from 202.133.90.219 port 43728 ssh2
May 31 16:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Connection closed by 202.133.90.219 port 43728 [preauth]
May 31 16:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1053]: pam_unix(cron:session): session closed for user root
May 31 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2525]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2527]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2521]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2526]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2523]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2524]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2522]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2527]: pam_unix(cron:session): session closed for user root
May 31 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2523]: pam_unix(cron:session): session closed for user root
May 31 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2521]: pam_unix(cron:session): session closed for user p13x
May 31 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2626]: Successful su for rubyman by root
May 31 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2626]: + ??? root:rubyman
May 31 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430486 of user rubyman.
May 31 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2626]: pam_unix(su:session): session closed for user rubyman
May 31 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430486.
May 31 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2524]: pam_unix(cron:session): session closed for user root
May 31 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32079]: pam_unix(cron:session): session closed for user root
May 31 17:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2522]: pam_unix(cron:session): session closed for user samftp
May 31 17:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2915]: Invalid user admin from 45.148.10.121
May 31 17:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2915]: input_userauth_request: invalid user admin [preauth]
May 31 17:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2915]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
May 31 17:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Invalid user a from 185.156.73.233
May 31 17:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: input_userauth_request: invalid user a [preauth]
May 31 17:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 17:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1606]: pam_unix(cron:session): session closed for user root
May 31 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2915]: Failed password for invalid user admin from 45.148.10.121 port 43010 ssh2
May 31 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2915]: Connection closed by 45.148.10.121 port 43010 [preauth]
May 31 17:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Failed password for invalid user a from 185.156.73.233 port 35120 ssh2
May 31 17:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Connection closed by 185.156.73.233 port 35120 [preauth]
May 31 17:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2983]: Failed password for root from 202.133.90.219 port 39898 ssh2
May 31 17:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2983]: Connection closed by 202.133.90.219 port 39898 [preauth]
May 31 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3038]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3039]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3036]: pam_unix(cron:session): session closed for user p13x
May 31 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3103]: Successful su for rubyman by root
May 31 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3103]: + ??? root:rubyman
May 31 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430488 of user rubyman.
May 31 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3103]: pam_unix(su:session): session closed for user rubyman
May 31 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430488.
May 31 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32485]: pam_unix(cron:session): session closed for user root
May 31 17:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3037]: pam_unix(cron:session): session closed for user samftp
May 31 17:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2095]: pam_unix(cron:session): session closed for user root
May 31 17:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3407]: Failed password for root from 202.133.90.219 port 48968 ssh2
May 31 17:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3407]: Connection closed by 202.133.90.219 port 48968 [preauth]
May 31 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3437]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3438]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3435]: pam_unix(cron:session): session closed for user p13x
May 31 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3498]: Successful su for rubyman by root
May 31 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3498]: + ??? root:rubyman
May 31 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430495 of user rubyman.
May 31 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3498]: pam_unix(su:session): session closed for user rubyman
May 31 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430495.
May 31 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[605]: pam_unix(cron:session): session closed for user root
May 31 17:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3436]: pam_unix(cron:session): session closed for user samftp
May 31 17:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
May 31 17:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.49  user=root
May 31 17:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: Failed password for root from 147.45.199.80 port 51932 ssh2
May 31 17:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: Connection closed by 147.45.199.80 port 51932 [preauth]
May 31 17:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3809]: Failed password for root from 152.32.212.49 port 14556 ssh2
May 31 17:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3809]: Received disconnect from 152.32.212.49 port 14556:11: Bye Bye [preauth]
May 31 17:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3809]: Disconnected from 152.32.212.49 port 14556 [preauth]
May 31 17:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.103.245.61  user=root
May 31 17:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3820]: Failed password for root from 103.103.245.61 port 35344 ssh2
May 31 17:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3820]: Received disconnect from 103.103.245.61 port 35344:11: Bye Bye [preauth]
May 31 17:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3820]: Disconnected from 103.103.245.61 port 35344 [preauth]
May 31 17:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2526]: pam_unix(cron:session): session closed for user root
May 31 17:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3988]: Failed password for root from 202.133.90.219 port 49496 ssh2
May 31 17:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3988]: Connection closed by 202.133.90.219 port 49496 [preauth]
May 31 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4010]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4009]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4007]: pam_unix(cron:session): session closed for user p13x
May 31 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4094]: Successful su for rubyman by root
May 31 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4094]: + ??? root:rubyman
May 31 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4094]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430496 of user rubyman.
May 31 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4094]: pam_unix(su:session): session closed for user rubyman
May 31 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430496.
May 31 17:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1052]: pam_unix(cron:session): session closed for user root
May 31 17:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4008]: pam_unix(cron:session): session closed for user samftp
May 31 17:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.63.178  user=root
May 31 17:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4328]: Failed password for root from 62.133.63.178 port 55298 ssh2
May 31 17:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4328]: Connection closed by 62.133.63.178 port 55298 [preauth]
May 31 17:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.212.136.3  user=root
May 31 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3039]: pam_unix(cron:session): session closed for user root
May 31 17:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4363]: Failed password for root from 210.212.136.3 port 46096 ssh2
May 31 17:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4363]: Received disconnect from 210.212.136.3 port 46096:11: Bye Bye [preauth]
May 31 17:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4363]: Disconnected from 210.212.136.3 port 46096 [preauth]
May 31 17:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.103.245.61  user=root
May 31 17:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: Invalid user azureuser from 152.32.212.49
May 31 17:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: input_userauth_request: invalid user azureuser [preauth]
May 31 17:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.49
May 31 17:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: Failed password for root from 103.103.245.61 port 34378 ssh2
May 31 17:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: Received disconnect from 103.103.245.61 port 34378:11: Bye Bye [preauth]
May 31 17:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: Disconnected from 103.103.245.61 port 34378 [preauth]
May 31 17:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: Failed password for invalid user azureuser from 152.32.212.49 port 33944 ssh2
May 31 17:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: Received disconnect from 152.32.212.49 port 33944:11: Bye Bye [preauth]
May 31 17:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: Disconnected from 152.32.212.49 port 33944 [preauth]
May 31 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4454]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4455]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4452]: pam_unix(cron:session): session closed for user p13x
May 31 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4511]: Successful su for rubyman by root
May 31 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4511]: + ??? root:rubyman
May 31 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430502 of user rubyman.
May 31 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4511]: pam_unix(su:session): session closed for user rubyman
May 31 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430502.
May 31 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1604]: pam_unix(cron:session): session closed for user root
May 31 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4453]: pam_unix(cron:session): session closed for user samftp
May 31 17:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
May 31 17:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: Failed password for root from 89.223.69.22 port 54286 ssh2
May 31 17:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: Connection closed by 89.223.69.22 port 54286 [preauth]
May 31 17:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4701]: Failed password for root from 202.133.90.219 port 39106 ssh2
May 31 17:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4701]: Connection closed by 202.133.90.219 port 39106 [preauth]
May 31 17:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: Failed password for root from 125.20.210.182 port 58142 ssh2
May 31 17:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: Connection closed by 125.20.210.182 port 58142 [preauth]
May 31 17:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3438]: pam_unix(cron:session): session closed for user root
May 31 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4862]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4859]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4858]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4860]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4861]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4862]: pam_unix(cron:session): session closed for user root
May 31 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4857]: pam_unix(cron:session): session closed for user p13x
May 31 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4934]: Successful su for rubyman by root
May 31 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4934]: + ??? root:rubyman
May 31 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430508 of user rubyman.
May 31 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4934]: pam_unix(su:session): session closed for user rubyman
May 31 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430508.
May 31 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4859]: pam_unix(cron:session): session closed for user root
May 31 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2094]: pam_unix(cron:session): session closed for user root
May 31 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4858]: pam_unix(cron:session): session closed for user samftp
May 31 17:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.212.136.3  user=root
May 31 17:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: Failed password for root from 210.212.136.3 port 50416 ssh2
May 31 17:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: Received disconnect from 210.212.136.3 port 50416:11: Bye Bye [preauth]
May 31 17:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: Disconnected from 210.212.136.3 port 50416 [preauth]
May 31 17:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5172]: Failed password for root from 202.133.90.219 port 54710 ssh2
May 31 17:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5172]: Connection closed by 202.133.90.219 port 54710 [preauth]
May 31 17:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4010]: pam_unix(cron:session): session closed for user root
May 31 17:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5230]: Invalid user bodega from 103.103.245.61
May 31 17:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5230]: input_userauth_request: invalid user bodega [preauth]
May 31 17:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5230]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.103.245.61
May 31 17:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5230]: Failed password for invalid user bodega from 103.103.245.61 port 50384 ssh2
May 31 17:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5230]: Received disconnect from 103.103.245.61 port 50384:11: Bye Bye [preauth]
May 31 17:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5230]: Disconnected from 103.103.245.61 port 50384 [preauth]
May 31 17:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.49  user=root
May 31 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: Failed password for root from 152.32.212.49 port 62668 ssh2
May 31 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: Received disconnect from 152.32.212.49 port 62668:11: Bye Bye [preauth]
May 31 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: Disconnected from 152.32.212.49 port 62668 [preauth]
May 31 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5294]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5293]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5291]: pam_unix(cron:session): session closed for user p13x
May 31 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5375]: Successful su for rubyman by root
May 31 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5375]: + ??? root:rubyman
May 31 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430510 of user rubyman.
May 31 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5375]: pam_unix(su:session): session closed for user rubyman
May 31 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430510.
May 31 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2525]: pam_unix(cron:session): session closed for user root
May 31 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5292]: pam_unix(cron:session): session closed for user samftp
May 31 17:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: Invalid user surgery from 173.254.234.162
May 31 17:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: input_userauth_request: invalid user surgery [preauth]
May 31 17:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 17:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: Failed password for invalid user surgery from 173.254.234.162 port 44082 ssh2
May 31 17:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: Connection closed by 173.254.234.162 port 44082 [preauth]
May 31 17:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4455]: pam_unix(cron:session): session closed for user root
May 31 17:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: Failed password for root from 202.133.90.219 port 34034 ssh2
May 31 17:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: Connection closed by 202.133.90.219 port 34034 [preauth]
May 31 17:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.212.136.3  user=root
May 31 17:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5675]: Failed password for root from 210.212.136.3 port 35142 ssh2
May 31 17:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5675]: Received disconnect from 210.212.136.3 port 35142:11: Bye Bye [preauth]
May 31 17:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5675]: Disconnected from 210.212.136.3 port 35142 [preauth]
May 31 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5704]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5705]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5702]: pam_unix(cron:session): session closed for user p13x
May 31 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5761]: Successful su for rubyman by root
May 31 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5761]: + ??? root:rubyman
May 31 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430514 of user rubyman.
May 31 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5761]: pam_unix(su:session): session closed for user rubyman
May 31 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430514.
May 31 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3038]: pam_unix(cron:session): session closed for user root
May 31 17:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5703]: pam_unix(cron:session): session closed for user samftp
May 31 17:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.103.245.61  user=root
May 31 17:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Failed password for root from 103.103.245.61 port 44508 ssh2
May 31 17:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Received disconnect from 103.103.245.61 port 44508:11: Bye Bye [preauth]
May 31 17:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Disconnected from 103.103.245.61 port 44508 [preauth]
May 31 17:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4861]: pam_unix(cron:session): session closed for user root
May 31 17:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6053]: Failed password for root from 202.133.90.219 port 47012 ssh2
May 31 17:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6053]: Connection closed by 202.133.90.219 port 47012 [preauth]
May 31 17:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.49  user=root
May 31 17:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: Failed password for root from 152.32.212.49 port 38802 ssh2
May 31 17:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: Received disconnect from 152.32.212.49 port 38802:11: Bye Bye [preauth]
May 31 17:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: Disconnected from 152.32.212.49 port 38802 [preauth]
May 31 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6084]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6085]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6082]: pam_unix(cron:session): session closed for user p13x
May 31 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6141]: Successful su for rubyman by root
May 31 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6141]: + ??? root:rubyman
May 31 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430519 of user rubyman.
May 31 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6141]: pam_unix(su:session): session closed for user rubyman
May 31 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430519.
May 31 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3437]: pam_unix(cron:session): session closed for user root
May 31 17:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6083]: pam_unix(cron:session): session closed for user samftp
May 31 17:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Invalid user tmp from 210.212.136.3
May 31 17:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: input_userauth_request: invalid user tmp [preauth]
May 31 17:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.212.136.3
May 31 17:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Failed password for invalid user tmp from 210.212.136.3 port 36752 ssh2
May 31 17:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Received disconnect from 210.212.136.3 port 36752:11: Bye Bye [preauth]
May 31 17:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Disconnected from 210.212.136.3 port 36752 [preauth]
May 31 17:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5294]: pam_unix(cron:session): session closed for user root
May 31 17:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.103.245.61  user=root
May 31 17:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: Failed password for root from 103.103.245.61 port 51982 ssh2
May 31 17:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: Received disconnect from 103.103.245.61 port 51982:11: Bye Bye [preauth]
May 31 17:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: Disconnected from 103.103.245.61 port 51982 [preauth]
May 31 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6485]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6484]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6480]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6482]: pam_unix(cron:session): session closed for user p13x
May 31 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6592]: Successful su for rubyman by root
May 31 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6592]: + ??? root:rubyman
May 31 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430522 of user rubyman.
May 31 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6592]: pam_unix(su:session): session closed for user rubyman
May 31 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430522.
May 31 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: Failed password for root from 202.133.90.219 port 47680 ssh2
May 31 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6480]: pam_unix(cron:session): session closed for user root
May 31 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: Connection closed by 202.133.90.219 port 47680 [preauth]
May 31 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4009]: pam_unix(cron:session): session closed for user root
May 31 17:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6483]: pam_unix(cron:session): session closed for user samftp
May 31 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5705]: pam_unix(cron:session): session closed for user root
May 31 17:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6968]: Invalid user ubuntu22 from 152.32.212.49
May 31 17:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6968]: input_userauth_request: invalid user ubuntu22 [preauth]
May 31 17:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6968]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.49
May 31 17:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6968]: Failed password for invalid user ubuntu22 from 152.32.212.49 port 10636 ssh2
May 31 17:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6968]: Received disconnect from 152.32.212.49 port 10636:11: Bye Bye [preauth]
May 31 17:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6968]: Disconnected from 152.32.212.49 port 10636 [preauth]
May 31 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
May 31 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Invalid user tarik from 213.209.159.56
May 31 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: input_userauth_request: invalid user tarik [preauth]
May 31 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6981]: Invalid user admin from 210.212.136.3
May 31 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6981]: input_userauth_request: invalid user admin [preauth]
May 31 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6981]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.212.136.3
May 31 17:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: Failed password for root from 103.27.238.114 port 57074 ssh2
May 31 17:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Failed password for invalid user tarik from 213.209.159.56 port 62547 ssh2
May 31 17:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6981]: Failed password for invalid user admin from 210.212.136.3 port 53686 ssh2
May 31 17:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: Connection closed by 103.27.238.114 port 57074 [preauth]
May 31 17:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6981]: Received disconnect from 210.212.136.3 port 53686:11: Bye Bye [preauth]
May 31 17:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6981]: Disconnected from 210.212.136.3 port 53686 [preauth]
May 31 17:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Failed password for invalid user tarik from 213.209.159.56 port 62547 ssh2
May 31 17:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Failed password for invalid user tarik from 213.209.159.56 port 62547 ssh2
May 31 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7021]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7022]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7014]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7020]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7011]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7022]: pam_unix(cron:session): session closed for user root
May 31 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7011]: pam_unix(cron:session): session closed for user p13x
May 31 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7144]: Successful su for rubyman by root
May 31 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7144]: + ??? root:rubyman
May 31 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7144]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430529 of user rubyman.
May 31 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7144]: pam_unix(su:session): session closed for user rubyman
May 31 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430529.
May 31 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7014]: pam_unix(cron:session): session closed for user root
May 31 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Failed password for invalid user tarik from 213.209.159.56 port 62547 ssh2
May 31 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4454]: pam_unix(cron:session): session closed for user root
May 31 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
May 31 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Failed password for invalid user tarik from 213.209.159.56 port 62547 ssh2
May 31 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7012]: pam_unix(cron:session): session closed for user samftp
May 31 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Received disconnect from 213.209.159.56 port 62547:11: Bye [preauth]
May 31 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Disconnected from 213.209.159.56 port 62547 [preauth]
May 31 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 17:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Failed password for root from 77.94.47.83 port 39006 ssh2
May 31 17:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Connection closed by 77.94.47.83 port 39006 [preauth]
May 31 17:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: Failed password for root from 202.133.90.219 port 46772 ssh2
May 31 17:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: Connection closed by 202.133.90.219 port 46772 [preauth]
May 31 17:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: Invalid user a from 185.156.73.233
May 31 17:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: input_userauth_request: invalid user a [preauth]
May 31 17:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 17:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: Failed password for invalid user a from 185.156.73.233 port 48566 ssh2
May 31 17:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: Connection closed by 185.156.73.233 port 48566 [preauth]
May 31 17:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.98.239  user=root
May 31 17:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: Failed password for root from 94.159.98.239 port 33790 ssh2
May 31 17:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: Connection closed by 94.159.98.239 port 33790 [preauth]
May 31 17:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6085]: pam_unix(cron:session): session closed for user root
May 31 17:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7461]: Invalid user user1 from 125.20.210.182
May 31 17:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7461]: input_userauth_request: invalid user user1 [preauth]
May 31 17:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7461]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182
May 31 17:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7461]: Failed password for invalid user user1 from 125.20.210.182 port 42666 ssh2
May 31 17:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Invalid user azureuser from 103.103.245.61
May 31 17:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: input_userauth_request: invalid user azureuser [preauth]
May 31 17:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.103.245.61
May 31 17:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Failed password for invalid user azureuser from 103.103.245.61 port 43532 ssh2
May 31 17:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Received disconnect from 103.103.245.61 port 43532:11: Bye Bye [preauth]
May 31 17:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Disconnected from 103.103.245.61 port 43532 [preauth]
May 31 17:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7461]: Connection closed by 125.20.210.182 port 42666 [preauth]
May 31 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7515]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7514]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7512]: pam_unix(cron:session): session closed for user p13x
May 31 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7582]: Successful su for rubyman by root
May 31 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7582]: + ??? root:rubyman
May 31 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430534 of user rubyman.
May 31 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7582]: pam_unix(su:session): session closed for user rubyman
May 31 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430534.
May 31 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4860]: pam_unix(cron:session): session closed for user root
May 31 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7513]: pam_unix(cron:session): session closed for user samftp
May 31 17:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.212.136.3  user=root
May 31 17:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7906]: Failed password for root from 210.212.136.3 port 60882 ssh2
May 31 17:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7906]: Received disconnect from 210.212.136.3 port 60882:11: Bye Bye [preauth]
May 31 17:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7906]: Disconnected from 210.212.136.3 port 60882 [preauth]
May 31 17:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: Failed password for root from 202.133.90.219 port 49892 ssh2
May 31 17:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: Connection closed by 202.133.90.219 port 49892 [preauth]
May 31 17:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6485]: pam_unix(cron:session): session closed for user root
May 31 17:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: Invalid user cmm from 152.32.212.49
May 31 17:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: input_userauth_request: invalid user cmm [preauth]
May 31 17:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.49
May 31 17:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: Failed password for invalid user cmm from 152.32.212.49 port 33920 ssh2
May 31 17:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: Received disconnect from 152.32.212.49 port 33920:11: Bye Bye [preauth]
May 31 17:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: Disconnected from 152.32.212.49 port 33920 [preauth]
May 31 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8016]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8017]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8014]: pam_unix(cron:session): session closed for user p13x
May 31 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8075]: Successful su for rubyman by root
May 31 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8075]: + ??? root:rubyman
May 31 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430538 of user rubyman.
May 31 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8075]: pam_unix(su:session): session closed for user rubyman
May 31 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430538.
May 31 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5293]: pam_unix(cron:session): session closed for user root
May 31 17:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8015]: pam_unix(cron:session): session closed for user samftp
May 31 17:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7021]: pam_unix(cron:session): session closed for user root
May 31 17:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: Failed password for root from 202.133.90.219 port 52158 ssh2
May 31 17:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8343]: Invalid user admin from 103.103.245.61
May 31 17:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8343]: input_userauth_request: invalid user admin [preauth]
May 31 17:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8343]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.103.245.61
May 31 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: Connection closed by 202.133.90.219 port 52158 [preauth]
May 31 17:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8343]: Failed password for invalid user admin from 103.103.245.61 port 50040 ssh2
May 31 17:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8343]: Received disconnect from 103.103.245.61 port 50040:11: Bye Bye [preauth]
May 31 17:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8343]: Disconnected from 103.103.245.61 port 50040 [preauth]
May 31 17:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.212.136.3  user=root
May 31 17:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8393]: Failed password for root from 210.212.136.3 port 54734 ssh2
May 31 17:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8393]: Received disconnect from 210.212.136.3 port 54734:11: Bye Bye [preauth]
May 31 17:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8393]: Disconnected from 210.212.136.3 port 54734 [preauth]
May 31 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8408]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8407]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8405]: pam_unix(cron:session): session closed for user p13x
May 31 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8466]: Successful su for rubyman by root
May 31 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8466]: + ??? root:rubyman
May 31 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430541 of user rubyman.
May 31 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8466]: pam_unix(su:session): session closed for user rubyman
May 31 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430541.
May 31 17:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5704]: pam_unix(cron:session): session closed for user root
May 31 17:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8406]: pam_unix(cron:session): session closed for user samftp
May 31 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7515]: pam_unix(cron:session): session closed for user root
May 31 17:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: Failed password for root from 202.133.90.219 port 49654 ssh2
May 31 17:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: Connection closed by 202.133.90.219 port 49654 [preauth]
May 31 17:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.49  user=root
May 31 17:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: Failed password for root from 152.32.212.49 port 38522 ssh2
May 31 17:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: Received disconnect from 152.32.212.49 port 38522:11: Bye Bye [preauth]
May 31 17:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: Disconnected from 152.32.212.49 port 38522 [preauth]
May 31 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8810]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8811]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8808]: pam_unix(cron:session): session closed for user p13x
May 31 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8871]: Successful su for rubyman by root
May 31 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8871]: + ??? root:rubyman
May 31 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430545 of user rubyman.
May 31 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8871]: pam_unix(su:session): session closed for user rubyman
May 31 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430545.
May 31 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6084]: pam_unix(cron:session): session closed for user root
May 31 17:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8809]: pam_unix(cron:session): session closed for user samftp
May 31 17:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.212.136.3  user=root
May 31 17:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Failed password for root from 210.212.136.3 port 36358 ssh2
May 31 17:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Received disconnect from 210.212.136.3 port 36358:11: Bye Bye [preauth]
May 31 17:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Disconnected from 210.212.136.3 port 36358 [preauth]
May 31 17:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.103.245.61  user=root
May 31 17:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: Failed password for root from 103.103.245.61 port 36812 ssh2
May 31 17:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: Received disconnect from 103.103.245.61 port 36812:11: Bye Bye [preauth]
May 31 17:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: Disconnected from 103.103.245.61 port 36812 [preauth]
May 31 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8017]: pam_unix(cron:session): session closed for user root
May 31 17:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: Failed password for root from 202.133.90.219 port 39284 ssh2
May 31 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9212]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9213]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9214]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9211]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9214]: pam_unix(cron:session): session closed for user root
May 31 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9209]: pam_unix(cron:session): session closed for user p13x
May 31 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9280]: Successful su for rubyman by root
May 31 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9280]: + ??? root:rubyman
May 31 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430551 of user rubyman.
May 31 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9280]: pam_unix(su:session): session closed for user rubyman
May 31 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430551.
May 31 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: Connection closed by 202.133.90.219 port 39284 [preauth]
May 31 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9211]: pam_unix(cron:session): session closed for user root
May 31 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6484]: pam_unix(cron:session): session closed for user root
May 31 17:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9210]: pam_unix(cron:session): session closed for user samftp
May 31 17:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
May 31 17:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
May 31 17:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9507]: Failed password for root from 103.27.238.120 port 57382 ssh2
May 31 17:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: Failed password for root from 103.27.238.116 port 38816 ssh2
May 31 17:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9507]: Connection closed by 103.27.238.120 port 57382 [preauth]
May 31 17:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: Connection closed by 103.27.238.116 port 38816 [preauth]
May 31 17:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8408]: pam_unix(cron:session): session closed for user root
May 31 17:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: Invalid user bodega from 152.32.212.49
May 31 17:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: input_userauth_request: invalid user bodega [preauth]
May 31 17:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.49
May 31 17:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: Failed password for invalid user bodega from 152.32.212.49 port 36020 ssh2
May 31 17:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: Received disconnect from 152.32.212.49 port 36020:11: Bye Bye [preauth]
May 31 17:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: Disconnected from 152.32.212.49 port 36020 [preauth]
May 31 17:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9620]: Invalid user scsadmin from 210.212.136.3
May 31 17:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9620]: input_userauth_request: invalid user scsadmin [preauth]
May 31 17:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9620]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.212.136.3
May 31 17:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9620]: Failed password for invalid user scsadmin from 210.212.136.3 port 36566 ssh2
May 31 17:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9620]: Received disconnect from 210.212.136.3 port 36566:11: Bye Bye [preauth]
May 31 17:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9620]: Disconnected from 210.212.136.3 port 36566 [preauth]
May 31 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9645]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9646]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9643]: pam_unix(cron:session): session closed for user p13x
May 31 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9711]: Successful su for rubyman by root
May 31 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9711]: + ??? root:rubyman
May 31 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430556 of user rubyman.
May 31 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9711]: pam_unix(su:session): session closed for user rubyman
May 31 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430556.
May 31 17:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7020]: pam_unix(cron:session): session closed for user root
May 31 17:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9644]: pam_unix(cron:session): session closed for user samftp
May 31 17:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: Failed password for root from 202.133.90.219 port 36434 ssh2
May 31 17:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: Connection closed by 202.133.90.219 port 36434 [preauth]
May 31 17:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Invalid user cmm from 103.103.245.61
May 31 17:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: input_userauth_request: invalid user cmm [preauth]
May 31 17:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.103.245.61
May 31 17:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Failed password for invalid user cmm from 103.103.245.61 port 55992 ssh2
May 31 17:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Received disconnect from 103.103.245.61 port 55992:11: Bye Bye [preauth]
May 31 17:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Disconnected from 103.103.245.61 port 55992 [preauth]
May 31 17:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8811]: pam_unix(cron:session): session closed for user root
May 31 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10316]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10315]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10310]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10310]: pam_unix(cron:session): session closed for user root
May 31 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10312]: pam_unix(cron:session): session closed for user p13x
May 31 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10379]: Successful su for rubyman by root
May 31 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10379]: + ??? root:rubyman
May 31 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430559 of user rubyman.
May 31 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10379]: pam_unix(su:session): session closed for user rubyman
May 31 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430559.
May 31 17:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7514]: pam_unix(cron:session): session closed for user root
May 31 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session closed for user samftp
May 31 17:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 17:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
May 31 17:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: Failed password for root from 125.20.210.182 port 34258 ssh2
May 31 17:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: Connection closed by 125.20.210.182 port 34258 [preauth]
May 31 17:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: Failed password for root from 103.149.28.157 port 46136 ssh2
May 31 17:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: Connection closed by 103.149.28.157 port 46136 [preauth]
May 31 17:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: Failed password for root from 202.133.90.219 port 33700 ssh2
May 31 17:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: Connection closed by 202.133.90.219 port 33700 [preauth]
May 31 17:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9213]: pam_unix(cron:session): session closed for user root
May 31 17:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: Invalid user admin from 152.32.212.49
May 31 17:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: input_userauth_request: invalid user admin [preauth]
May 31 17:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.49
May 31 17:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: Failed password for invalid user admin from 152.32.212.49 port 39246 ssh2
May 31 17:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: Received disconnect from 152.32.212.49 port 39246:11: Bye Bye [preauth]
May 31 17:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: Disconnected from 152.32.212.49 port 39246 [preauth]
May 31 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10731]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10732]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10729]: pam_unix(cron:session): session closed for user p13x
May 31 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10808]: Successful su for rubyman by root
May 31 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10808]: + ??? root:rubyman
May 31 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10808]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430566 of user rubyman.
May 31 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10808]: pam_unix(su:session): session closed for user rubyman
May 31 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430566.
May 31 17:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8016]: pam_unix(cron:session): session closed for user root
May 31 17:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10730]: pam_unix(cron:session): session closed for user samftp
May 31 17:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9646]: pam_unix(cron:session): session closed for user root
May 31 17:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: Failed password for root from 202.133.90.219 port 38086 ssh2
May 31 17:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: Connection closed by 202.133.90.219 port 38086 [preauth]
May 31 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11157]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11158]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11155]: pam_unix(cron:session): session closed for user p13x
May 31 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11219]: Successful su for rubyman by root
May 31 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11219]: + ??? root:rubyman
May 31 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430569 of user rubyman.
May 31 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11219]: pam_unix(su:session): session closed for user rubyman
May 31 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430569.
May 31 17:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8407]: pam_unix(cron:session): session closed for user root
May 31 17:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11156]: pam_unix(cron:session): session closed for user samftp
May 31 17:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
May 31 17:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11455]: Failed password for root from 103.153.68.219 port 60086 ssh2
May 31 17:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11455]: Connection closed by 103.153.68.219 port 60086 [preauth]
May 31 17:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10316]: pam_unix(cron:session): session closed for user root
May 31 17:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: Failed password for root from 202.133.90.219 port 53238 ssh2
May 31 17:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: Connection closed by 202.133.90.219 port 53238 [preauth]
May 31 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11575]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11574]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11576]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11577]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11577]: pam_unix(cron:session): session closed for user root
May 31 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session closed for user p13x
May 31 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11641]: Successful su for rubyman by root
May 31 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11641]: + ??? root:rubyman
May 31 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11641]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430575 of user rubyman.
May 31 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11641]: pam_unix(su:session): session closed for user rubyman
May 31 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430575.
May 31 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8810]: pam_unix(cron:session): session closed for user root
May 31 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11574]: pam_unix(cron:session): session closed for user root
May 31 17:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11573]: pam_unix(cron:session): session closed for user samftp
May 31 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10732]: pam_unix(cron:session): session closed for user root
May 31 17:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12060]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12061]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12059]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12058]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12058]: pam_unix(cron:session): session closed for user p13x
May 31 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12127]: Successful su for rubyman by root
May 31 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12127]: + ??? root:rubyman
May 31 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12127]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430579 of user rubyman.
May 31 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12127]: pam_unix(su:session): session closed for user rubyman
May 31 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430579.
May 31 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12047]: Failed password for root from 202.133.90.219 port 36468 ssh2
May 31 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12047]: Connection closed by 202.133.90.219 port 36468 [preauth]
May 31 17:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9212]: pam_unix(cron:session): session closed for user root
May 31 17:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12059]: pam_unix(cron:session): session closed for user samftp
May 31 17:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
May 31 17:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12473]: Failed password for root from 194.113.233.25 port 46512 ssh2
May 31 17:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12473]: Connection closed by 194.113.233.25 port 46512 [preauth]
May 31 17:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11158]: pam_unix(cron:session): session closed for user root
May 31 17:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
May 31 17:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12546]: Failed password for root from 185.156.73.233 port 35694 ssh2
May 31 17:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12546]: Connection closed by 185.156.73.233 port 35694 [preauth]
May 31 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12594]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12593]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12591]: pam_unix(cron:session): session closed for user p13x
May 31 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12656]: Successful su for rubyman by root
May 31 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12656]: + ??? root:rubyman
May 31 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430582 of user rubyman.
May 31 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12656]: pam_unix(su:session): session closed for user rubyman
May 31 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430582.
May 31 17:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9645]: pam_unix(cron:session): session closed for user root
May 31 17:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12592]: pam_unix(cron:session): session closed for user samftp
May 31 17:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12849]: Failed password for root from 202.133.90.219 port 58678 ssh2
May 31 17:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12849]: Connection closed by 202.133.90.219 port 58678 [preauth]
May 31 17:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11576]: pam_unix(cron:session): session closed for user root
May 31 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13004]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13005]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13002]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13002]: pam_unix(cron:session): session closed for user p13x
May 31 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13066]: Successful su for rubyman by root
May 31 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13066]: + ??? root:rubyman
May 31 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430587 of user rubyman.
May 31 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13066]: pam_unix(su:session): session closed for user rubyman
May 31 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430587.
May 31 17:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10315]: pam_unix(cron:session): session closed for user root
May 31 17:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13003]: pam_unix(cron:session): session closed for user samftp
May 31 17:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13289]: Failed password for root from 202.133.90.219 port 36838 ssh2
May 31 17:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13289]: Connection closed by 202.133.90.219 port 36838 [preauth]
May 31 17:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12061]: pam_unix(cron:session): session closed for user root
May 31 17:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13422]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13421]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13419]: pam_unix(cron:session): session closed for user p13x
May 31 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13477]: Successful su for rubyman by root
May 31 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13477]: + ??? root:rubyman
May 31 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430590 of user rubyman.
May 31 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13477]: pam_unix(su:session): session closed for user rubyman
May 31 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430590.
May 31 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13408]: Failed password for root from 125.20.210.182 port 53788 ssh2
May 31 17:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13408]: Connection closed by 125.20.210.182 port 53788 [preauth]
May 31 17:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10731]: pam_unix(cron:session): session closed for user root
May 31 17:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13420]: pam_unix(cron:session): session closed for user samftp
May 31 17:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12594]: pam_unix(cron:session): session closed for user root
May 31 17:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13712]: Failed password for root from 202.133.90.219 port 53090 ssh2
May 31 17:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13712]: Connection closed by 202.133.90.219 port 53090 [preauth]
May 31 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13811]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13813]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13812]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13810]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13813]: pam_unix(cron:session): session closed for user root
May 31 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13808]: pam_unix(cron:session): session closed for user p13x
May 31 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13874]: Successful su for rubyman by root
May 31 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13874]: + ??? root:rubyman
May 31 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13874]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430596 of user rubyman.
May 31 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13874]: pam_unix(su:session): session closed for user rubyman
May 31 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430596.
May 31 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11157]: pam_unix(cron:session): session closed for user root
May 31 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13810]: pam_unix(cron:session): session closed for user root
May 31 17:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13809]: pam_unix(cron:session): session closed for user samftp
May 31 17:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13005]: pam_unix(cron:session): session closed for user root
May 31 17:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Failed password for root from 202.133.90.219 port 45354 ssh2
May 31 17:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Connection closed by 202.133.90.219 port 45354 [preauth]
May 31 17:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.228.128.84  user=root
May 31 17:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14206]: Failed password for root from 193.228.128.84 port 33504 ssh2
May 31 17:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14206]: Connection closed by 193.228.128.84 port 33504 [preauth]
May 31 17:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
May 31 17:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
May 31 17:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14225]: Failed password for root from 87.251.79.125 port 59204 ssh2
May 31 17:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14225]: Connection closed by 87.251.79.125 port 59204 [preauth]
May 31 17:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: Failed password for root from 80.66.85.226 port 47364 ssh2
May 31 17:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: Connection closed by 80.66.85.226 port 47364 [preauth]
May 31 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14240]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14239]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14237]: pam_unix(cron:session): session closed for user p13x
May 31 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14303]: Successful su for rubyman by root
May 31 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14303]: + ??? root:rubyman
May 31 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430600 of user rubyman.
May 31 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14303]: pam_unix(su:session): session closed for user rubyman
May 31 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430600.
May 31 17:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11575]: pam_unix(cron:session): session closed for user root
May 31 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14238]: pam_unix(cron:session): session closed for user samftp
May 31 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: Invalid user monitor from 193.24.211.100
May 31 17:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: input_userauth_request: invalid user monitor [preauth]
May 31 17:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.100
May 31 17:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: Failed password for invalid user monitor from 193.24.211.100 port 22797 ssh2
May 31 17:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: Received disconnect from 193.24.211.100 port 22797:11: Client disconnecting normally [preauth]
May 31 17:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: Disconnected from 193.24.211.100 port 22797 [preauth]
May 31 17:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13422]: pam_unix(cron:session): session closed for user root
May 31 17:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14646]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14647]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14643]: pam_unix(cron:session): session closed for user p13x
May 31 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: Failed password for root from 202.133.90.219 port 52118 ssh2
May 31 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14748]: Successful su for rubyman by root
May 31 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14748]: + ??? root:rubyman
May 31 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430604 of user rubyman.
May 31 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14748]: pam_unix(su:session): session closed for user rubyman
May 31 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430604.
May 31 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: Connection closed by 202.133.90.219 port 52118 [preauth]
May 31 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12060]: pam_unix(cron:session): session closed for user root
May 31 17:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14645]: pam_unix(cron:session): session closed for user samftp
May 31 17:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13812]: pam_unix(cron:session): session closed for user root
May 31 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15116]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15115]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15113]: pam_unix(cron:session): session closed for user p13x
May 31 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15177]: Successful su for rubyman by root
May 31 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15177]: + ??? root:rubyman
May 31 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430608 of user rubyman.
May 31 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15177]: pam_unix(su:session): session closed for user rubyman
May 31 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430608.
May 31 17:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12593]: pam_unix(cron:session): session closed for user root
May 31 17:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15114]: pam_unix(cron:session): session closed for user samftp
May 31 17:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: Failed password for root from 202.133.90.219 port 50748 ssh2
May 31 17:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: Connection closed by 202.133.90.219 port 50748 [preauth]
May 31 17:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
May 31 17:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15389]: Failed password for root from 51.250.105.222 port 59610 ssh2
May 31 17:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15389]: Connection closed by 51.250.105.222 port 59610 [preauth]
May 31 17:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14240]: pam_unix(cron:session): session closed for user root
May 31 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15513]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15514]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15511]: pam_unix(cron:session): session closed for user p13x
May 31 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15570]: Successful su for rubyman by root
May 31 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15570]: + ??? root:rubyman
May 31 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430614 of user rubyman.
May 31 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15570]: pam_unix(su:session): session closed for user rubyman
May 31 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430614.
May 31 17:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13004]: pam_unix(cron:session): session closed for user root
May 31 17:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15512]: pam_unix(cron:session): session closed for user samftp
May 31 17:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15788]: Failed password for root from 202.133.90.219 port 42060 ssh2
May 31 17:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15788]: Connection closed by 202.133.90.219 port 42060 [preauth]
May 31 17:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14647]: pam_unix(cron:session): session closed for user root
May 31 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15899]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15897]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15900]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15898]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15900]: pam_unix(cron:session): session closed for user root
May 31 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15895]: pam_unix(cron:session): session closed for user p13x
May 31 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15959]: Successful su for rubyman by root
May 31 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15959]: + ??? root:rubyman
May 31 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15959]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430616 of user rubyman.
May 31 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15959]: pam_unix(su:session): session closed for user rubyman
May 31 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430616.
May 31 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13421]: pam_unix(cron:session): session closed for user root
May 31 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15897]: pam_unix(cron:session): session closed for user root
May 31 17:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15896]: pam_unix(cron:session): session closed for user samftp
May 31 17:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.22.41  user=root
May 31 17:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16202]: Failed password for root from 185.236.22.41 port 48904 ssh2
May 31 17:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16202]: Connection closed by 185.236.22.41 port 48904 [preauth]
May 31 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15116]: pam_unix(cron:session): session closed for user root
May 31 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: User nobody from 125.20.210.182 not allowed because not listed in AllowUsers
May 31 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: input_userauth_request: invalid user nobody [preauth]
May 31 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=nobody
May 31 17:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: Failed password for invalid user nobody from 125.20.210.182 port 45352 ssh2
May 31 17:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: Connection closed by 125.20.210.182 port 45352 [preauth]
May 31 17:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: Received disconnect from 151.237.79.243 port 53736:11: disconnected by user [preauth]
May 31 17:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: Disconnected from 151.237.79.243 port 53736 [preauth]
May 31 17:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16264]: Failed password for root from 202.133.90.219 port 34634 ssh2
May 31 17:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16264]: Connection closed by 202.133.90.219 port 34634 [preauth]
May 31 17:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: Connection closed by 194.59.206.2 port 50742 [preauth]
May 31 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16316]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16315]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16313]: pam_unix(cron:session): session closed for user p13x
May 31 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16386]: Successful su for rubyman by root
May 31 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16386]: + ??? root:rubyman
May 31 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430623 of user rubyman.
May 31 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16386]: pam_unix(su:session): session closed for user rubyman
May 31 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430623.
May 31 17:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13811]: pam_unix(cron:session): session closed for user root
May 31 17:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16314]: pam_unix(cron:session): session closed for user samftp
May 31 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
May 31 17:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: Failed password for root from 103.82.20.28 port 53388 ssh2
May 31 17:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: Connection closed by 103.82.20.28 port 53388 [preauth]
May 31 17:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15514]: pam_unix(cron:session): session closed for user root
May 31 17:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16662]: Invalid user admin from 45.148.10.121
May 31 17:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16662]: input_userauth_request: invalid user admin [preauth]
May 31 17:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16662]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
May 31 17:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16662]: Failed password for invalid user admin from 45.148.10.121 port 47882 ssh2
May 31 17:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16662]: Connection closed by 45.148.10.121 port 47882 [preauth]
May 31 17:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: Failed password for root from 202.133.90.219 port 44304 ssh2
May 31 17:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: Connection closed by 202.133.90.219 port 44304 [preauth]
May 31 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16723]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16724]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16721]: pam_unix(cron:session): session closed for user p13x
May 31 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16780]: Successful su for rubyman by root
May 31 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16780]: + ??? root:rubyman
May 31 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430626 of user rubyman.
May 31 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16780]: pam_unix(su:session): session closed for user rubyman
May 31 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430626.
May 31 17:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14239]: pam_unix(cron:session): session closed for user root
May 31 17:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16722]: pam_unix(cron:session): session closed for user samftp
May 31 17:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.172.54.111  user=root
May 31 17:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: Failed password for root from 109.172.54.111 port 39802 ssh2
May 31 17:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: Connection closed by 109.172.54.111 port 39802 [preauth]
May 31 17:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15899]: pam_unix(cron:session): session closed for user root
May 31 17:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17111]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17110]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17109]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17108]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17108]: pam_unix(cron:session): session closed for user p13x
May 31 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17166]: Successful su for rubyman by root
May 31 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17166]: + ??? root:rubyman
May 31 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430631 of user rubyman.
May 31 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17166]: pam_unix(su:session): session closed for user rubyman
May 31 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430631.
May 31 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: Failed password for root from 202.133.90.219 port 50356 ssh2
May 31 17:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14646]: pam_unix(cron:session): session closed for user root
May 31 17:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: Connection closed by 202.133.90.219 port 50356 [preauth]
May 31 17:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17109]: pam_unix(cron:session): session closed for user samftp
May 31 17:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17378]: Invalid user matrix from 185.156.73.233
May 31 17:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17378]: input_userauth_request: invalid user matrix [preauth]
May 31 17:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17378]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 17:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17378]: Failed password for invalid user matrix from 185.156.73.233 port 62894 ssh2
May 31 17:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17378]: Connection closed by 185.156.73.233 port 62894 [preauth]
May 31 17:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16316]: pam_unix(cron:session): session closed for user root
May 31 17:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
May 31 17:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: Failed password for root from 37.233.85.71 port 49110 ssh2
May 31 17:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: Connection closed by 37.233.85.71 port 49110 [preauth]
May 31 17:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 17:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: Failed password for root from 38.93.206.2 port 55192 ssh2
May 31 17:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: Connection closed by 38.93.206.2 port 55192 [preauth]
May 31 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17514]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17513]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17511]: pam_unix(cron:session): session closed for user p13x
May 31 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17570]: Successful su for rubyman by root
May 31 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17570]: + ??? root:rubyman
May 31 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430635 of user rubyman.
May 31 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17570]: pam_unix(su:session): session closed for user rubyman
May 31 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430635.
May 31 17:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15115]: pam_unix(cron:session): session closed for user root
May 31 17:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17512]: pam_unix(cron:session): session closed for user samftp
May 31 17:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17840]: Failed password for root from 202.133.90.219 port 48604 ssh2
May 31 17:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17840]: Connection closed by 202.133.90.219 port 48604 [preauth]
May 31 17:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16724]: pam_unix(cron:session): session closed for user root
May 31 17:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17980]: Bad protocol version identification 'GET / HTTP/1.1' from 45.56.79.53 port 41986
May 31 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17997]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17998]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17993]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17999]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17999]: pam_unix(cron:session): session closed for user root
May 31 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17991]: pam_unix(cron:session): session closed for user p13x
May 31 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18073]: Successful su for rubyman by root
May 31 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18073]: + ??? root:rubyman
May 31 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430640 of user rubyman.
May 31 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18073]: pam_unix(su:session): session closed for user rubyman
May 31 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430640.
May 31 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15513]: pam_unix(cron:session): session closed for user root
May 31 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17993]: pam_unix(cron:session): session closed for user root
May 31 17:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17992]: pam_unix(cron:session): session closed for user samftp
May 31 17:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18329]: Failed password for root from 202.133.90.219 port 49546 ssh2
May 31 17:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18329]: Connection closed by 202.133.90.219 port 49546 [preauth]
May 31 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17111]: pam_unix(cron:session): session closed for user root
May 31 17:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
May 31 17:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: Failed password for root from 103.176.20.57 port 34108 ssh2
May 31 17:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: Connection closed by 103.176.20.57 port 34108 [preauth]
May 31 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18534]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18535]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18532]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18532]: pam_unix(cron:session): session closed for user p13x
May 31 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18603]: Successful su for rubyman by root
May 31 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18603]: + ??? root:rubyman
May 31 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430645 of user rubyman.
May 31 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18603]: pam_unix(su:session): session closed for user rubyman
May 31 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430645.
May 31 17:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15898]: pam_unix(cron:session): session closed for user root
May 31 17:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18533]: pam_unix(cron:session): session closed for user samftp
May 31 17:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
May 31 17:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Failed password for root from 62.133.62.83 port 58000 ssh2
May 31 17:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Connection closed by 62.133.62.83 port 58000 [preauth]
May 31 17:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17514]: pam_unix(cron:session): session closed for user root
May 31 17:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: Failed password for root from 202.133.90.219 port 53430 ssh2
May 31 17:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: Connection closed by 202.133.90.219 port 53430 [preauth]
May 31 17:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18965]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18966]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18963]: pam_unix(cron:session): session closed for user p13x
May 31 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19024]: Successful su for rubyman by root
May 31 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19024]: + ??? root:rubyman
May 31 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430649 of user rubyman.
May 31 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19024]: pam_unix(su:session): session closed for user rubyman
May 31 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430649.
May 31 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16315]: pam_unix(cron:session): session closed for user root
May 31 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: Invalid user kali from 125.20.210.182
May 31 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: input_userauth_request: invalid user kali [preauth]
May 31 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182
May 31 17:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18964]: pam_unix(cron:session): session closed for user samftp
May 31 17:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: Failed password for invalid user kali from 125.20.210.182 port 42618 ssh2
May 31 17:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: Connection closed by 125.20.210.182 port 42618 [preauth]
May 31 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17998]: pam_unix(cron:session): session closed for user root
May 31 17:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: Failed password for root from 202.133.90.219 port 34812 ssh2
May 31 17:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: Connection closed by 202.133.90.219 port 34812 [preauth]
May 31 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19457]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19458]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19455]: pam_unix(cron:session): session closed for user p13x
May 31 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19710]: Successful su for rubyman by root
May 31 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19710]: + ??? root:rubyman
May 31 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430653 of user rubyman.
May 31 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19710]: pam_unix(su:session): session closed for user rubyman
May 31 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430653.
May 31 17:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16723]: pam_unix(cron:session): session closed for user root
May 31 17:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19456]: pam_unix(cron:session): session closed for user samftp
May 31 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18535]: pam_unix(cron:session): session closed for user root
May 31 17:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: Received disconnect from 195.62.32.180 port 57628:11: disconnected by user [preauth]
May 31 17:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: Disconnected from 195.62.32.180 port 57628 [preauth]
May 31 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20068]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20069]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20064]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20066]: pam_unix(cron:session): session closed for user p13x
May 31 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20273]: Successful su for rubyman by root
May 31 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20273]: + ??? root:rubyman
May 31 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430656 of user rubyman.
May 31 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20273]: pam_unix(su:session): session closed for user rubyman
May 31 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430656.
May 31 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20064]: pam_unix(cron:session): session closed for user root
May 31 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17110]: pam_unix(cron:session): session closed for user root
May 31 17:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20067]: pam_unix(cron:session): session closed for user samftp
May 31 17:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20487]: Failed password for root from 202.133.90.219 port 38436 ssh2
May 31 17:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20487]: Connection closed by 202.133.90.219 port 38436 [preauth]
May 31 17:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
May 31 17:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: Failed password for root from 46.19.67.181 port 32812 ssh2
May 31 17:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: Connection closed by 46.19.67.181 port 32812 [preauth]
May 31 17:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18966]: pam_unix(cron:session): session closed for user root
May 31 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20702]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20703]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20701]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20704]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20704]: pam_unix(cron:session): session closed for user root
May 31 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20689]: pam_unix(cron:session): session closed for user p13x
May 31 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20821]: Successful su for rubyman by root
May 31 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20821]: + ??? root:rubyman
May 31 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430663 of user rubyman.
May 31 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20821]: pam_unix(su:session): session closed for user rubyman
May 31 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430663.
May 31 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17513]: pam_unix(cron:session): session closed for user root
May 31 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20701]: pam_unix(cron:session): session closed for user root
May 31 17:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20700]: pam_unix(cron:session): session closed for user samftp
May 31 17:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: Failed password for root from 202.133.90.219 port 58776 ssh2
May 31 17:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: Connection closed by 202.133.90.219 port 58776 [preauth]
May 31 17:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19458]: pam_unix(cron:session): session closed for user root
May 31 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21198]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21197]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21195]: pam_unix(cron:session): session closed for user p13x
May 31 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21259]: Successful su for rubyman by root
May 31 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21259]: + ??? root:rubyman
May 31 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430667 of user rubyman.
May 31 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21259]: pam_unix(su:session): session closed for user rubyman
May 31 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430667.
May 31 17:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17997]: pam_unix(cron:session): session closed for user root
May 31 17:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21196]: pam_unix(cron:session): session closed for user samftp
May 31 17:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20069]: pam_unix(cron:session): session closed for user root
May 31 17:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21520]: Failed password for root from 202.133.90.219 port 50290 ssh2
May 31 17:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21520]: Connection closed by 202.133.90.219 port 50290 [preauth]
May 31 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21616]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21615]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21613]: pam_unix(cron:session): session closed for user p13x
May 31 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21683]: Successful su for rubyman by root
May 31 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21683]: + ??? root:rubyman
May 31 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430671 of user rubyman.
May 31 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21683]: pam_unix(su:session): session closed for user rubyman
May 31 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430671.
May 31 17:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18534]: pam_unix(cron:session): session closed for user root
May 31 17:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21614]: pam_unix(cron:session): session closed for user samftp
May 31 17:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
May 31 17:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: Failed password for root from 193.37.70.224 port 54444 ssh2
May 31 17:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: Connection closed by 193.37.70.224 port 54444 [preauth]
May 31 17:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20703]: pam_unix(cron:session): session closed for user root
May 31 17:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: Failed password for root from 202.133.90.219 port 58856 ssh2
May 31 17:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: Connection closed by 202.133.90.219 port 58856 [preauth]
May 31 17:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21998]: Invalid user user from 2.57.121.25
May 31 17:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21998]: input_userauth_request: invalid user user [preauth]
May 31 17:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21998]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 17:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21998]: Failed password for invalid user user from 2.57.121.25 port 36673 ssh2
May 31 17:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21998]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21998]: Failed password for invalid user user from 2.57.121.25 port 36673 ssh2
May 31 17:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21998]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21998]: Failed password for invalid user user from 2.57.121.25 port 36673 ssh2
May 31 17:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21998]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21998]: Failed password for invalid user user from 2.57.121.25 port 36673 ssh2
May 31 17:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21998]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21998]: Failed password for invalid user user from 2.57.121.25 port 36673 ssh2
May 31 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21998]: Received disconnect from 2.57.121.25 port 36673:11: Bye [preauth]
May 31 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21998]: Disconnected from 2.57.121.25 port 36673 [preauth]
May 31 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21998]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21998]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22020]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22019]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22017]: pam_unix(cron:session): session closed for user p13x
May 31 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22076]: Successful su for rubyman by root
May 31 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22076]: + ??? root:rubyman
May 31 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430675 of user rubyman.
May 31 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22076]: pam_unix(su:session): session closed for user rubyman
May 31 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430675.
May 31 17:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18965]: pam_unix(cron:session): session closed for user root
May 31 17:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22018]: pam_unix(cron:session): session closed for user samftp
May 31 17:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: Invalid user linaro from 125.20.210.182
May 31 17:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: input_userauth_request: invalid user linaro [preauth]
May 31 17:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182
May 31 17:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: Failed password for invalid user linaro from 125.20.210.182 port 32910 ssh2
May 31 17:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: Connection closed by 125.20.210.182 port 32910 [preauth]
May 31 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21198]: pam_unix(cron:session): session closed for user root
May 31 17:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
May 31 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: Failed password for root from 103.122.221.179 port 40246 ssh2
May 31 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: Connection closed by 103.122.221.179 port 40246 [preauth]
May 31 17:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22428]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22427]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22425]: pam_unix(cron:session): session closed for user p13x
May 31 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22487]: Successful su for rubyman by root
May 31 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22487]: + ??? root:rubyman
May 31 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22487]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430680 of user rubyman.
May 31 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22487]: pam_unix(su:session): session closed for user rubyman
May 31 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430680.
May 31 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: Received disconnect from 217.156.64.228 port 51672:11: disconnected by user [preauth]
May 31 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: Disconnected from 217.156.64.228 port 51672 [preauth]
May 31 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19457]: pam_unix(cron:session): session closed for user root
May 31 17:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: Failed password for root from 202.133.90.219 port 40204 ssh2
May 31 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: Connection closed by 202.133.90.219 port 40204 [preauth]
May 31 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22426]: pam_unix(cron:session): session closed for user samftp
May 31 17:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
May 31 17:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22674]: Failed password for root from 103.15.222.183 port 57566 ssh2
May 31 17:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22674]: Connection closed by 103.15.222.183 port 57566 [preauth]
May 31 17:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22695]: Did not receive identification string from 170.82.76.2
May 31 17:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.82.76.2  user=root
May 31 17:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Failed password for root from 170.82.76.2 port 60452 ssh2
May 31 17:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Connection closed by 170.82.76.2 port 60452 [preauth]
May 31 17:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21616]: pam_unix(cron:session): session closed for user root
May 31 17:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: Invalid user default from 185.156.73.233
May 31 17:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: input_userauth_request: invalid user default [preauth]
May 31 17:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 17:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: Failed password for invalid user default from 185.156.73.233 port 58338 ssh2
May 31 17:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: Connection closed by 185.156.73.233 port 58338 [preauth]
May 31 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22821]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22819]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22818]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22820]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22821]: pam_unix(cron:session): session closed for user root
May 31 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22816]: pam_unix(cron:session): session closed for user p13x
May 31 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22884]: Successful su for rubyman by root
May 31 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22884]: + ??? root:rubyman
May 31 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430686 of user rubyman.
May 31 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22884]: pam_unix(su:session): session closed for user rubyman
May 31 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430686.
May 31 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22818]: pam_unix(cron:session): session closed for user root
May 31 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20068]: pam_unix(cron:session): session closed for user root
May 31 17:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22817]: pam_unix(cron:session): session closed for user samftp
May 31 17:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23091]: Failed password for root from 202.133.90.219 port 46854 ssh2
May 31 17:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23091]: Connection closed by 202.133.90.219 port 46854 [preauth]
May 31 17:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: Invalid user admin from 2.57.121.112
May 31 17:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: input_userauth_request: invalid user admin [preauth]
May 31 17:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 17:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: Failed password for invalid user admin from 2.57.121.112 port 64366 ssh2
May 31 17:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22020]: pam_unix(cron:session): session closed for user root
May 31 17:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: Failed password for invalid user admin from 2.57.121.112 port 64366 ssh2
May 31 17:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: Failed password for invalid user admin from 2.57.121.112 port 64366 ssh2
May 31 17:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: Failed password for invalid user admin from 2.57.121.112 port 64366 ssh2
May 31 17:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: Failed password for invalid user admin from 2.57.121.112 port 64366 ssh2
May 31 17:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: Received disconnect from 2.57.121.112 port 64366:11: Bye [preauth]
May 31 17:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: Disconnected from 2.57.121.112 port 64366 [preauth]
May 31 17:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 17:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23240]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23243]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23238]: pam_unix(cron:session): session closed for user p13x
May 31 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23313]: Successful su for rubyman by root
May 31 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23313]: + ??? root:rubyman
May 31 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430689 of user rubyman.
May 31 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23313]: pam_unix(su:session): session closed for user rubyman
May 31 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430689.
May 31 17:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20702]: pam_unix(cron:session): session closed for user root
May 31 17:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23239]: pam_unix(cron:session): session closed for user samftp
May 31 17:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23548]: Failed password for root from 202.133.90.219 port 49512 ssh2
May 31 17:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23548]: Connection closed by 202.133.90.219 port 49512 [preauth]
May 31 17:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22428]: pam_unix(cron:session): session closed for user root
May 31 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23657]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23656]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23654]: pam_unix(cron:session): session closed for user p13x
May 31 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23722]: Successful su for rubyman by root
May 31 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23722]: + ??? root:rubyman
May 31 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430694 of user rubyman.
May 31 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23722]: pam_unix(su:session): session closed for user rubyman
May 31 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430694.
May 31 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21197]: pam_unix(cron:session): session closed for user root
May 31 17:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23655]: pam_unix(cron:session): session closed for user samftp
May 31 17:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22820]: pam_unix(cron:session): session closed for user root
May 31 17:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24098]: Failed password for root from 202.133.90.219 port 49276 ssh2
May 31 17:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24098]: Connection closed by 202.133.90.219 port 49276 [preauth]
May 31 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24161]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24162]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24159]: pam_unix(cron:session): session closed for user p13x
May 31 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24228]: Successful su for rubyman by root
May 31 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24228]: + ??? root:rubyman
May 31 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24228]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430698 of user rubyman.
May 31 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24228]: pam_unix(su:session): session closed for user rubyman
May 31 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430698.
May 31 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21615]: pam_unix(cron:session): session closed for user root
May 31 17:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24160]: pam_unix(cron:session): session closed for user samftp
May 31 17:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23243]: pam_unix(cron:session): session closed for user root
May 31 17:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: Failed password for root from 202.133.90.219 port 52614 ssh2
May 31 17:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: Connection closed by 202.133.90.219 port 52614 [preauth]
May 31 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24595]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24594]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24592]: pam_unix(cron:session): session closed for user p13x
May 31 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24669]: Successful su for rubyman by root
May 31 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24669]: + ??? root:rubyman
May 31 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430703 of user rubyman.
May 31 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24669]: pam_unix(su:session): session closed for user rubyman
May 31 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430703.
May 31 17:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22019]: pam_unix(cron:session): session closed for user root
May 31 17:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24593]: pam_unix(cron:session): session closed for user samftp
May 31 17:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23657]: pam_unix(cron:session): session closed for user root
May 31 17:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 17:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: Failed password for root from 125.20.210.182 port 50452 ssh2
May 31 17:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: Connection closed by 125.20.210.182 port 50452 [preauth]
May 31 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25002]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25004]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25003]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25000]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25005]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25001]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25005]: pam_unix(cron:session): session closed for user root
May 31 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25000]: pam_unix(cron:session): session closed for user p13x
May 31 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25078]: Successful su for rubyman by root
May 31 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25078]: + ??? root:rubyman
May 31 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25078]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430707 of user rubyman.
May 31 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25078]: pam_unix(su:session): session closed for user rubyman
May 31 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430707.
May 31 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22427]: pam_unix(cron:session): session closed for user root
May 31 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25002]: pam_unix(cron:session): session closed for user root
May 31 17:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25001]: pam_unix(cron:session): session closed for user samftp
May 31 17:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: Failed password for root from 202.133.90.219 port 51982 ssh2
May 31 17:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: Connection closed by 202.133.90.219 port 51982 [preauth]
May 31 17:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24162]: pam_unix(cron:session): session closed for user root
May 31 17:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: Invalid user exmerge from 67.207.84.8
May 31 17:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: input_userauth_request: invalid user exmerge [preauth]
May 31 17:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.207.84.8
May 31 17:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: Failed password for invalid user exmerge from 67.207.84.8 port 35560 ssh2
May 31 17:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: Connection closed by 67.207.84.8 port 35560 [preauth]
May 31 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25438]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25439]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25436]: pam_unix(cron:session): session closed for user p13x
May 31 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25509]: Successful su for rubyman by root
May 31 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25509]: + ??? root:rubyman
May 31 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430712 of user rubyman.
May 31 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25509]: pam_unix(su:session): session closed for user rubyman
May 31 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430712.
May 31 17:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22819]: pam_unix(cron:session): session closed for user root
May 31 17:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25437]: pam_unix(cron:session): session closed for user samftp
May 31 17:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25718]: Failed password for root from 202.133.90.219 port 54266 ssh2
May 31 17:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25718]: Connection closed by 202.133.90.219 port 54266 [preauth]
May 31 17:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24595]: pam_unix(cron:session): session closed for user root
May 31 17:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25827]: Received disconnect from 199.127.63.58 port 58864:11: disconnected by user [preauth]
May 31 17:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25827]: Disconnected from 199.127.63.58 port 58864 [preauth]
May 31 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25840]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25842]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25838]: pam_unix(cron:session): session closed for user p13x
May 31 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25898]: Successful su for rubyman by root
May 31 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25898]: + ??? root:rubyman
May 31 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430715 of user rubyman.
May 31 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25898]: pam_unix(su:session): session closed for user rubyman
May 31 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430715.
May 31 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23240]: pam_unix(cron:session): session closed for user root
May 31 17:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25839]: pam_unix(cron:session): session closed for user samftp
May 31 17:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25004]: pam_unix(cron:session): session closed for user root
May 31 17:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: Failed password for root from 202.133.90.219 port 36500 ssh2
May 31 17:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: Connection closed by 202.133.90.219 port 36500 [preauth]
May 31 17:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.197.250  user=root
May 31 17:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: Failed password for root from 147.45.197.250 port 46264 ssh2
May 31 17:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26209]: Connection closed by 147.45.197.250 port 46264 [preauth]
May 31 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26231]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26232]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26229]: pam_unix(cron:session): session closed for user p13x
May 31 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26291]: Successful su for rubyman by root
May 31 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26291]: + ??? root:rubyman
May 31 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26291]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430720 of user rubyman.
May 31 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26291]: pam_unix(su:session): session closed for user rubyman
May 31 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430720.
May 31 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23656]: pam_unix(cron:session): session closed for user root
May 31 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26230]: pam_unix(cron:session): session closed for user samftp
May 31 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25439]: pam_unix(cron:session): session closed for user root
May 31 17:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26567]: Failed password for root from 202.133.90.219 port 58200 ssh2
May 31 17:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26567]: Connection closed by 202.133.90.219 port 58200 [preauth]
May 31 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26633]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26632]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26630]: pam_unix(cron:session): session closed for user p13x
May 31 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26778]: Successful su for rubyman by root
May 31 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26778]: + ??? root:rubyman
May 31 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430724 of user rubyman.
May 31 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26778]: pam_unix(su:session): session closed for user rubyman
May 31 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430724.
May 31 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24161]: pam_unix(cron:session): session closed for user root
May 31 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26631]: pam_unix(cron:session): session closed for user samftp
May 31 17:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
May 31 17:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: Failed password for root from 109.237.96.109 port 57066 ssh2
May 31 17:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: Connection closed by 109.237.96.109 port 57066 [preauth]
May 31 17:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25842]: pam_unix(cron:session): session closed for user root
May 31 17:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: Failed password for root from 202.133.90.219 port 36722 ssh2
May 31 17:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: Connection closed by 202.133.90.219 port 36722 [preauth]
May 31 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27110]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27113]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27111]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27109]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27113]: pam_unix(cron:session): session closed for user root
May 31 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27107]: pam_unix(cron:session): session closed for user p13x
May 31 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27180]: Successful su for rubyman by root
May 31 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27180]: + ??? root:rubyman
May 31 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430731 of user rubyman.
May 31 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27180]: pam_unix(su:session): session closed for user rubyman
May 31 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430731.
May 31 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24594]: pam_unix(cron:session): session closed for user root
May 31 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27109]: pam_unix(cron:session): session closed for user root
May 31 17:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27108]: pam_unix(cron:session): session closed for user samftp
May 31 17:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26232]: pam_unix(cron:session): session closed for user root
May 31 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
May 31 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27564]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27565]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27562]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27562]: pam_unix(cron:session): session closed for user p13x
May 31 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27635]: Successful su for rubyman by root
May 31 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27635]: + ??? root:rubyman
May 31 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430734 of user rubyman.
May 31 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27635]: pam_unix(su:session): session closed for user rubyman
May 31 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430734.
May 31 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: Failed password for root from 185.156.73.233 port 39122 ssh2
May 31 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: Connection closed by 185.156.73.233 port 39122 [preauth]
May 31 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25003]: pam_unix(cron:session): session closed for user root
May 31 17:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27563]: pam_unix(cron:session): session closed for user samftp
May 31 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: Failed password for root from 202.133.90.219 port 38416 ssh2
May 31 17:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: Connection closed by 202.133.90.219 port 38416 [preauth]
May 31 17:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 17:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: Failed password for root from 125.20.210.182 port 42784 ssh2
May 31 17:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26633]: pam_unix(cron:session): session closed for user root
May 31 17:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
May 31 17:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: Connection closed by 125.20.210.182 port 42784 [preauth]
May 31 17:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: Failed password for root from 103.172.78.219 port 43074 ssh2
May 31 17:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: Connection closed by 103.172.78.219 port 43074 [preauth]
May 31 17:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.173.227.57  user=root
May 31 17:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: Failed password for root from 103.173.227.57 port 44070 ssh2
May 31 17:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: Connection closed by 103.173.227.57 port 44070 [preauth]
May 31 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27989]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27990]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27987]: pam_unix(cron:session): session closed for user p13x
May 31 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28055]: Successful su for rubyman by root
May 31 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28055]: + ??? root:rubyman
May 31 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430737 of user rubyman.
May 31 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28055]: pam_unix(su:session): session closed for user rubyman
May 31 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430737.
May 31 17:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25438]: pam_unix(cron:session): session closed for user root
May 31 17:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27988]: pam_unix(cron:session): session closed for user samftp
May 31 17:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: Failed password for root from 202.133.90.219 port 47800 ssh2
May 31 17:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: Connection closed by 202.133.90.219 port 47800 [preauth]
May 31 17:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: Invalid user openvpn from 193.24.211.100
May 31 17:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: input_userauth_request: invalid user openvpn [preauth]
May 31 17:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: pam_unix(sshd:auth): check pass; user unknown
May 31 17:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.100
May 31 17:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27111]: pam_unix(cron:session): session closed for user root
May 31 17:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: Failed password for invalid user openvpn from 193.24.211.100 port 27138 ssh2
May 31 17:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: Received disconnect from 193.24.211.100 port 27138:11: Client disconnecting normally [preauth]
May 31 17:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: Disconnected from 193.24.211.100 port 27138 [preauth]
May 31 17:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.82.76.2  user=root
May 31 17:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28385]: Failed password for root from 170.82.76.2 port 53834 ssh2
May 31 17:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28385]: Connection closed by 170.82.76.2 port 53834 [preauth]
May 31 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28439]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28438]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28436]: pam_unix(cron:session): session closed for user p13x
May 31 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28498]: Successful su for rubyman by root
May 31 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28498]: + ??? root:rubyman
May 31 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430742 of user rubyman.
May 31 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28498]: pam_unix(su:session): session closed for user rubyman
May 31 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430742.
May 31 17:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25840]: pam_unix(cron:session): session closed for user root
May 31 17:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28437]: pam_unix(cron:session): session closed for user samftp
May 31 17:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: Failed password for root from 202.133.90.219 port 54216 ssh2
May 31 17:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27565]: pam_unix(cron:session): session closed for user root
May 31 17:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: Connection closed by 202.133.90.219 port 54216 [preauth]
May 31 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28930]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28931]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28927]: pam_unix(cron:session): session closed for user p13x
May 31 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28991]: Successful su for rubyman by root
May 31 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28991]: + ??? root:rubyman
May 31 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430745 of user rubyman.
May 31 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28991]: pam_unix(su:session): session closed for user rubyman
May 31 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430745.
May 31 17:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26231]: pam_unix(cron:session): session closed for user root
May 31 17:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28928]: pam_unix(cron:session): session closed for user samftp
May 31 17:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27990]: pam_unix(cron:session): session closed for user root
May 31 17:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 17:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: Failed password for root from 202.133.90.219 port 49940 ssh2
May 31 17:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: Connection closed by 202.133.90.219 port 49940 [preauth]
May 31 17:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 17:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
May 31 17:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: Failed password for root from 147.45.199.80 port 35164 ssh2
May 31 17:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: Connection closed by 147.45.199.80 port 35164 [preauth]
May 31 18:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: Invalid user papaverales from 173.254.234.162
May 31 18:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: input_userauth_request: invalid user papaverales [preauth]
May 31 18:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: pam_unix(sshd:auth): check pass; user unknown
May 31 18:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29364]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29365]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29360]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29362]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29363]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29365]: pam_unix(cron:session): session closed for user root
May 31 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29360]: pam_unix(cron:session): session closed for user root
May 31 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29358]: pam_unix(cron:session): session closed for user p13x
May 31 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29445]: Successful su for rubyman by root
May 31 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29445]: + ??? root:rubyman
May 31 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430749 of user rubyman.
May 31 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29445]: pam_unix(su:session): session closed for user rubyman
May 31 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430749.
May 31 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: Failed password for invalid user papaverales from 173.254.234.162 port 37940 ssh2
May 31 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: Connection closed by 173.254.234.162 port 37940 [preauth]
May 31 18:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26632]: pam_unix(cron:session): session closed for user root
May 31 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29362]: pam_unix(cron:session): session closed for user root
May 31 18:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29359]: pam_unix(cron:session): session closed for user samftp
May 31 18:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28439]: pam_unix(cron:session): session closed for user root
May 31 18:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29965]: Failed password for root from 202.133.90.219 port 52838 ssh2
May 31 18:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29965]: Connection closed by 202.133.90.219 port 52838 [preauth]
May 31 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29988]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29986]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29985]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29984]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29984]: pam_unix(cron:session): session closed for user p13x
May 31 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30054]: Successful su for rubyman by root
May 31 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30054]: + ??? root:rubyman
May 31 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430756 of user rubyman.
May 31 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30054]: pam_unix(su:session): session closed for user rubyman
May 31 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430756.
May 31 18:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27110]: pam_unix(cron:session): session closed for user root
May 31 18:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29985]: pam_unix(cron:session): session closed for user samftp
May 31 18:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28931]: pam_unix(cron:session): session closed for user root
May 31 18:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30363]: Received disconnect from 31.42.184.185 port 36096:11: disconnected by user [preauth]
May 31 18:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30363]: Disconnected from 31.42.184.185 port 36096 [preauth]
May 31 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30414]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30413]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30411]: pam_unix(cron:session): session closed for user p13x
May 31 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30476]: Successful su for rubyman by root
May 31 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30476]: + ??? root:rubyman
May 31 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430760 of user rubyman.
May 31 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30476]: pam_unix(su:session): session closed for user rubyman
May 31 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430760.
May 31 18:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27564]: pam_unix(cron:session): session closed for user root
May 31 18:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30412]: pam_unix(cron:session): session closed for user samftp
May 31 18:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30409]: Failed password for root from 202.133.90.219 port 47782 ssh2
May 31 18:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30409]: Connection closed by 202.133.90.219 port 47782 [preauth]
May 31 18:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: Received disconnect from 148.113.201.25 port 50660:11: disconnected by user [preauth]
May 31 18:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: Disconnected from 148.113.201.25 port 50660 [preauth]
May 31 18:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29364]: pam_unix(cron:session): session closed for user root
May 31 18:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
May 31 18:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: Failed password for root from 103.77.175.15 port 54004 ssh2
May 31 18:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: Connection closed by 103.77.175.15 port 54004 [preauth]
May 31 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30832]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30831]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30829]: pam_unix(cron:session): session closed for user p13x
May 31 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30896]: Successful su for rubyman by root
May 31 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30896]: + ??? root:rubyman
May 31 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430765 of user rubyman.
May 31 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30896]: pam_unix(su:session): session closed for user rubyman
May 31 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430765.
May 31 18:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27989]: pam_unix(cron:session): session closed for user root
May 31 18:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30830]: pam_unix(cron:session): session closed for user samftp
May 31 18:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 18:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31172]: Failed password for root from 125.20.210.182 port 33214 ssh2
May 31 18:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31172]: Connection closed by 125.20.210.182 port 33214 [preauth]
May 31 18:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31173]: Failed password for root from 202.133.90.219 port 57770 ssh2
May 31 18:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31173]: Connection closed by 202.133.90.219 port 57770 [preauth]
May 31 18:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29988]: pam_unix(cron:session): session closed for user root
May 31 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31332]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31333]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session closed for user p13x
May 31 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31393]: Successful su for rubyman by root
May 31 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31393]: + ??? root:rubyman
May 31 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430769 of user rubyman.
May 31 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31393]: pam_unix(su:session): session closed for user rubyman
May 31 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430769.
May 31 18:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28438]: pam_unix(cron:session): session closed for user root
May 31 18:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31331]: pam_unix(cron:session): session closed for user samftp
May 31 18:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: Failed password for root from 202.133.90.219 port 44528 ssh2
May 31 18:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: Connection closed by 202.133.90.219 port 44528 [preauth]
May 31 18:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30414]: pam_unix(cron:session): session closed for user root
May 31 18:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: Received disconnect from 192.210.199.98 port 32996:11: disconnected by user [preauth]
May 31 18:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: Disconnected from 192.210.199.98 port 32996 [preauth]
May 31 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31838]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31837]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31836]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31835]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31838]: pam_unix(cron:session): session closed for user root
May 31 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31833]: pam_unix(cron:session): session closed for user p13x
May 31 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31899]: Successful su for rubyman by root
May 31 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31899]: + ??? root:rubyman
May 31 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430773 of user rubyman.
May 31 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31899]: pam_unix(su:session): session closed for user rubyman
May 31 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430773.
May 31 18:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28930]: pam_unix(cron:session): session closed for user root
May 31 18:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31835]: pam_unix(cron:session): session closed for user root
May 31 18:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31834]: pam_unix(cron:session): session closed for user samftp
May 31 18:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.170.125  user=root
May 31 18:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32167]: Failed password for root from 103.149.170.125 port 38090 ssh2
May 31 18:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32167]: Connection closed by 103.149.170.125 port 38090 [preauth]
May 31 18:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: Received disconnect from 128.0.104.39 port 41420:11: disconnected by user [preauth]
May 31 18:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: Disconnected from 128.0.104.39 port 41420 [preauth]
May 31 18:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30832]: pam_unix(cron:session): session closed for user root
May 31 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
May 31 18:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: Failed password for root from 202.133.90.219 port 51158 ssh2
May 31 18:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32231]: Failed password for root from 103.77.242.62 port 47952 ssh2
May 31 18:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32231]: Connection closed by 103.77.242.62 port 47952 [preauth]
May 31 18:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: Connection closed by 202.133.90.219 port 51158 [preauth]
May 31 18:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May 31 18:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: Failed password for root from 80.94.95.115 port 31078 ssh2
May 31 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: Connection closed by 80.94.95.115 port 31078 [preauth]
May 31 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32282]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32283]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32280]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32280]: pam_unix(cron:session): session closed for user p13x
May 31 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32345]: Successful su for rubyman by root
May 31 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32345]: + ??? root:rubyman
May 31 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430780 of user rubyman.
May 31 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32345]: pam_unix(su:session): session closed for user rubyman
May 31 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430780.
May 31 18:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29363]: pam_unix(cron:session): session closed for user root
May 31 18:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32281]: pam_unix(cron:session): session closed for user samftp
May 31 18:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
May 31 18:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32602]: Failed password for root from 103.82.132.16 port 48972 ssh2
May 31 18:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32602]: Connection closed by 103.82.132.16 port 48972 [preauth]
May 31 18:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31333]: pam_unix(cron:session): session closed for user root
May 31 18:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32665]: Failed password for root from 202.133.90.219 port 55104 ssh2
May 31 18:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32665]: Connection closed by 202.133.90.219 port 55104 [preauth]
May 31 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32708]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32709]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32706]: pam_unix(cron:session): session closed for user p13x
May 31 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[304]: Successful su for rubyman by root
May 31 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[304]: + ??? root:rubyman
May 31 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430783 of user rubyman.
May 31 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[304]: pam_unix(su:session): session closed for user rubyman
May 31 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430783.
May 31 18:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29986]: pam_unix(cron:session): session closed for user root
May 31 18:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32707]: pam_unix(cron:session): session closed for user samftp
May 31 18:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31837]: pam_unix(cron:session): session closed for user root
May 31 18:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[794]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[793]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[791]: pam_unix(cron:session): session closed for user p13x
May 31 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[860]: Successful su for rubyman by root
May 31 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[860]: + ??? root:rubyman
May 31 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430786 of user rubyman.
May 31 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[860]: pam_unix(su:session): session closed for user rubyman
May 31 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430786.
May 31 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: Failed password for root from 202.133.90.219 port 51778 ssh2
May 31 18:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: Connection closed by 202.133.90.219 port 51778 [preauth]
May 31 18:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30413]: pam_unix(cron:session): session closed for user root
May 31 18:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[792]: pam_unix(cron:session): session closed for user samftp
May 31 18:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.63.178  user=root
May 31 18:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: Failed password for root from 62.133.63.178 port 50418 ssh2
May 31 18:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: Connection closed by 62.133.63.178 port 50418 [preauth]
May 31 18:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32283]: pam_unix(cron:session): session closed for user root
May 31 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1250]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1249]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1244]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1247]: pam_unix(cron:session): session closed for user p13x
May 31 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1370]: Successful su for rubyman by root
May 31 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1370]: + ??? root:rubyman
May 31 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430794 of user rubyman.
May 31 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1370]: pam_unix(su:session): session closed for user rubyman
May 31 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430794.
May 31 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1244]: pam_unix(cron:session): session closed for user root
May 31 18:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30831]: pam_unix(cron:session): session closed for user root
May 31 18:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1248]: pam_unix(cron:session): session closed for user samftp
May 31 18:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1733]: Failed password for root from 202.133.90.219 port 43908 ssh2
May 31 18:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1733]: Connection closed by 202.133.90.219 port 43908 [preauth]
May 31 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32709]: pam_unix(cron:session): session closed for user root
May 31 18:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 18:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1807]: Failed password for root from 125.20.210.182 port 45854 ssh2
May 31 18:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1807]: Connection closed by 125.20.210.182 port 45854 [preauth]
May 31 18:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.98.239  user=root
May 31 18:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1836]: Failed password for root from 94.159.98.239 port 37616 ssh2
May 31 18:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1836]: Connection closed by 94.159.98.239 port 37616 [preauth]
May 31 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1901]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1890]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1899]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1891]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1901]: pam_unix(cron:session): session closed for user root
May 31 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1888]: pam_unix(cron:session): session closed for user p13x
May 31 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1988]: Successful su for rubyman by root
May 31 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1988]: + ??? root:rubyman
May 31 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430797 of user rubyman.
May 31 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1988]: pam_unix(su:session): session closed for user rubyman
May 31 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430797.
May 31 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1890]: pam_unix(cron:session): session closed for user root
May 31 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31332]: pam_unix(cron:session): session closed for user root
May 31 18:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1889]: pam_unix(cron:session): session closed for user samftp
May 31 18:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: Failed password for root from 202.133.90.219 port 41242 ssh2
May 31 18:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: Connection closed by 202.133.90.219 port 41242 [preauth]
May 31 18:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[794]: pam_unix(cron:session): session closed for user root
May 31 18:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2394]: Did not receive identification string from 94.102.49.125
May 31 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2407]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2408]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2405]: pam_unix(cron:session): session closed for user p13x
May 31 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2476]: Successful su for rubyman by root
May 31 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2476]: + ??? root:rubyman
May 31 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430802 of user rubyman.
May 31 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2476]: pam_unix(su:session): session closed for user rubyman
May 31 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430802.
May 31 18:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31836]: pam_unix(cron:session): session closed for user root
May 31 18:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2406]: pam_unix(cron:session): session closed for user samftp
May 31 18:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1250]: pam_unix(cron:session): session closed for user root
May 31 18:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: Failed password for root from 202.133.90.219 port 47352 ssh2
May 31 18:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: Connection closed by 202.133.90.219 port 47352 [preauth]
May 31 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2846]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2845]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2843]: pam_unix(cron:session): session closed for user p13x
May 31 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2903]: Successful su for rubyman by root
May 31 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2903]: + ??? root:rubyman
May 31 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430805 of user rubyman.
May 31 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2903]: pam_unix(su:session): session closed for user rubyman
May 31 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430805.
May 31 18:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32282]: pam_unix(cron:session): session closed for user root
May 31 18:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2844]: pam_unix(cron:session): session closed for user samftp
May 31 18:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1899]: pam_unix(cron:session): session closed for user root
May 31 18:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3207]: Failed password for root from 202.133.90.219 port 52362 ssh2
May 31 18:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3207]: Connection closed by 202.133.90.219 port 52362 [preauth]
May 31 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3231]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3232]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3229]: pam_unix(cron:session): session closed for user p13x
May 31 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3293]: Successful su for rubyman by root
May 31 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3293]: + ??? root:rubyman
May 31 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430809 of user rubyman.
May 31 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3293]: pam_unix(su:session): session closed for user rubyman
May 31 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430809.
May 31 18:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32708]: pam_unix(cron:session): session closed for user root
May 31 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3230]: pam_unix(cron:session): session closed for user samftp
May 31 18:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2408]: pam_unix(cron:session): session closed for user root
May 31 18:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: Failed password for root from 202.133.90.219 port 47012 ssh2
May 31 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3633]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3634]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3631]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3631]: pam_unix(cron:session): session closed for user p13x
May 31 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3785]: Successful su for rubyman by root
May 31 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3785]: + ??? root:rubyman
May 31 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3785]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430813 of user rubyman.
May 31 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3785]: pam_unix(su:session): session closed for user rubyman
May 31 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430813.
May 31 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: Connection closed by 202.133.90.219 port 47012 [preauth]
May 31 18:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[793]: pam_unix(cron:session): session closed for user root
May 31 18:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3632]: pam_unix(cron:session): session closed for user samftp
May 31 18:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
May 31 18:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4063]: Failed password for root from 77.94.47.83 port 36600 ssh2
May 31 18:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4063]: Connection closed by 77.94.47.83 port 36600 [preauth]
May 31 18:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2846]: pam_unix(cron:session): session closed for user root
May 31 18:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.108.118.91  user=root
May 31 18:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: Failed password for root from 89.108.118.91 port 59080 ssh2
May 31 18:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: Connection closed by 89.108.118.91 port 59080 [preauth]
May 31 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4223]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4225]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4224]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4220]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4225]: pam_unix(cron:session): session closed for user root
May 31 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4218]: pam_unix(cron:session): session closed for user p13x
May 31 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4295]: Successful su for rubyman by root
May 31 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4295]: + ??? root:rubyman
May 31 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430822 of user rubyman.
May 31 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4295]: pam_unix(su:session): session closed for user rubyman
May 31 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430822.
May 31 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4220]: pam_unix(cron:session): session closed for user root
May 31 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1249]: pam_unix(cron:session): session closed for user root
May 31 18:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4219]: pam_unix(cron:session): session closed for user samftp
May 31 18:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: Failed password for root from 202.133.90.219 port 36110 ssh2
May 31 18:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: Connection closed by 202.133.90.219 port 36110 [preauth]
May 31 18:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 18:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 18:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: Received disconnect from 91.193.18.110 port 49770:11: disconnected by user [preauth]
May 31 18:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: Disconnected from 91.193.18.110 port 49770 [preauth]
May 31 18:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Failed password for root from 38.93.206.2 port 49444 ssh2
May 31 18:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Connection closed by 38.93.206.2 port 49444 [preauth]
May 31 18:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3232]: pam_unix(cron:session): session closed for user root
May 31 18:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4667]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4668]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4665]: pam_unix(cron:session): session closed for user p13x
May 31 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4736]: Successful su for rubyman by root
May 31 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4736]: + ??? root:rubyman
May 31 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430824 of user rubyman.
May 31 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4736]: pam_unix(su:session): session closed for user rubyman
May 31 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430824.
May 31 18:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 18:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1891]: pam_unix(cron:session): session closed for user root
May 31 18:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4666]: pam_unix(cron:session): session closed for user samftp
May 31 18:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: Failed password for root from 125.20.210.182 port 40710 ssh2
May 31 18:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: Connection closed by 125.20.210.182 port 40710 [preauth]
May 31 18:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4969]: Failed password for root from 202.133.90.219 port 50370 ssh2
May 31 18:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4969]: Connection closed by 202.133.90.219 port 50370 [preauth]
May 31 18:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3634]: pam_unix(cron:session): session closed for user root
May 31 18:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5085]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5086]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5081]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5081]: pam_unix(cron:session): session closed for user root
May 31 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5083]: pam_unix(cron:session): session closed for user p13x
May 31 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5144]: Successful su for rubyman by root
May 31 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5144]: + ??? root:rubyman
May 31 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5144]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430827 of user rubyman.
May 31 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5144]: pam_unix(su:session): session closed for user rubyman
May 31 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430827.
May 31 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5076]: Invalid user anonymous from 80.94.95.115
May 31 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5076]: input_userauth_request: invalid user anonymous [preauth]
May 31 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5076]: pam_unix(sshd:auth): check pass; user unknown
May 31 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May 31 18:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2407]: pam_unix(cron:session): session closed for user root
May 31 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5076]: Failed password for invalid user anonymous from 80.94.95.115 port 55654 ssh2
May 31 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5076]: Connection closed by 80.94.95.115 port 55654 [preauth]
May 31 18:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5084]: pam_unix(cron:session): session closed for user samftp
May 31 18:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4224]: pam_unix(cron:session): session closed for user root
May 31 18:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: Failed password for root from 202.133.90.219 port 44270 ssh2
May 31 18:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: Connection closed by 202.133.90.219 port 44270 [preauth]
May 31 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5486]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5485]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5483]: pam_unix(cron:session): session closed for user p13x
May 31 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5543]: Successful su for rubyman by root
May 31 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5543]: + ??? root:rubyman
May 31 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430833 of user rubyman.
May 31 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5543]: pam_unix(su:session): session closed for user rubyman
May 31 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430833.
May 31 18:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2845]: pam_unix(cron:session): session closed for user root
May 31 18:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5484]: pam_unix(cron:session): session closed for user samftp
May 31 18:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
May 31 18:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Failed password for root from 194.113.233.25 port 54706 ssh2
May 31 18:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Connection closed by 194.113.233.25 port 54706 [preauth]
May 31 18:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4668]: pam_unix(cron:session): session closed for user root
May 31 18:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5846]: Failed password for root from 202.133.90.219 port 50048 ssh2
May 31 18:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5846]: Connection closed by 202.133.90.219 port 50048 [preauth]
May 31 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5875]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5876]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5873]: pam_unix(cron:session): session closed for user p13x
May 31 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5931]: Successful su for rubyman by root
May 31 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5931]: + ??? root:rubyman
May 31 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430836 of user rubyman.
May 31 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5931]: pam_unix(su:session): session closed for user rubyman
May 31 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430836.
May 31 18:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3231]: pam_unix(cron:session): session closed for user root
May 31 18:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5874]: pam_unix(cron:session): session closed for user samftp
May 31 18:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5086]: pam_unix(cron:session): session closed for user root
May 31 18:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
May 31 18:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: Failed password for root from 103.27.238.114 port 39390 ssh2
May 31 18:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: Connection closed by 103.27.238.114 port 39390 [preauth]
May 31 18:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6256]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6257]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6258]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6259]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6259]: pam_unix(cron:session): session closed for user root
May 31 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6254]: pam_unix(cron:session): session closed for user p13x
May 31 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6319]: Successful su for rubyman by root
May 31 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6319]: + ??? root:rubyman
May 31 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430845 of user rubyman.
May 31 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6319]: pam_unix(su:session): session closed for user rubyman
May 31 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430845.
May 31 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3633]: pam_unix(cron:session): session closed for user root
May 31 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: Failed password for root from 202.133.90.219 port 33912 ssh2
May 31 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6256]: pam_unix(cron:session): session closed for user root
May 31 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: Connection closed by 202.133.90.219 port 33912 [preauth]
May 31 18:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6255]: pam_unix(cron:session): session closed for user samftp
May 31 18:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5486]: pam_unix(cron:session): session closed for user root
May 31 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6677]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6676]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6674]: pam_unix(cron:session): session closed for user p13x
May 31 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6750]: Successful su for rubyman by root
May 31 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6750]: + ??? root:rubyman
May 31 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430848 of user rubyman.
May 31 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6750]: pam_unix(su:session): session closed for user rubyman
May 31 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430848.
May 31 18:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4223]: pam_unix(cron:session): session closed for user root
May 31 18:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6675]: pam_unix(cron:session): session closed for user samftp
May 31 18:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6959]: Failed password for root from 202.133.90.219 port 55028 ssh2
May 31 18:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6959]: Connection closed by 202.133.90.219 port 55028 [preauth]
May 31 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5876]: pam_unix(cron:session): session closed for user root
May 31 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7190]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7192]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7188]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7188]: pam_unix(cron:session): session closed for user p13x
May 31 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7253]: Successful su for rubyman by root
May 31 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7253]: + ??? root:rubyman
May 31 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430850 of user rubyman.
May 31 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7253]: pam_unix(su:session): session closed for user rubyman
May 31 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430850.
May 31 18:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4667]: pam_unix(cron:session): session closed for user root
May 31 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7189]: pam_unix(cron:session): session closed for user samftp
May 31 18:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May 31 18:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7445]: Failed password for root from 158.51.96.38 port 16242 ssh2
May 31 18:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7445]: Connection closed by 158.51.96.38 port 16242 [preauth]
May 31 18:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May 31 18:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: Failed password for root from 158.51.96.38 port 16246 ssh2
May 31 18:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: Connection closed by 158.51.96.38 port 16246 [preauth]
May 31 18:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May 31 18:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Failed password for root from 158.51.96.38 port 16262 ssh2
May 31 18:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Connection closed by 158.51.96.38 port 16262 [preauth]
May 31 18:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May 31 18:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Failed password for root from 158.51.96.38 port 16278 ssh2
May 31 18:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Connection closed by 158.51.96.38 port 16278 [preauth]
May 31 18:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Failed password for root from 202.133.90.219 port 59834 ssh2
May 31 18:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Connection closed by 202.133.90.219 port 59834 [preauth]
May 31 18:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6258]: pam_unix(cron:session): session closed for user root
May 31 18:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 18:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7542]: Failed password for root from 125.20.210.182 port 57810 ssh2
May 31 18:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7542]: Connection closed by 125.20.210.182 port 57810 [preauth]
May 31 18:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
May 31 18:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7576]: Failed password for root from 80.66.85.226 port 53356 ssh2
May 31 18:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7576]: Connection closed by 80.66.85.226 port 53356 [preauth]
May 31 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7605]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7604]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7602]: pam_unix(cron:session): session closed for user p13x
May 31 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7760]: Successful su for rubyman by root
May 31 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7760]: + ??? root:rubyman
May 31 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430856 of user rubyman.
May 31 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7760]: pam_unix(su:session): session closed for user rubyman
May 31 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430856.
May 31 18:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5085]: pam_unix(cron:session): session closed for user root
May 31 18:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7603]: pam_unix(cron:session): session closed for user samftp
May 31 18:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: Received disconnect from 209.90.232.249 port 34778:11: disconnected by user [preauth]
May 31 18:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: Disconnected from 209.90.232.249 port 34778 [preauth]
May 31 18:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: Failed password for root from 202.133.90.219 port 52444 ssh2
May 31 18:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: Connection closed by 202.133.90.219 port 52444 [preauth]
May 31 18:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6677]: pam_unix(cron:session): session closed for user root
May 31 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8090]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8091]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8087]: pam_unix(cron:session): session closed for user p13x
May 31 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8152]: Successful su for rubyman by root
May 31 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8152]: + ??? root:rubyman
May 31 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430858 of user rubyman.
May 31 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8152]: pam_unix(su:session): session closed for user rubyman
May 31 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430858.
May 31 18:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5485]: pam_unix(cron:session): session closed for user root
May 31 18:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8088]: pam_unix(cron:session): session closed for user samftp
May 31 18:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7192]: pam_unix(cron:session): session closed for user root
May 31 18:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8415]: Failed password for root from 202.133.90.219 port 38406 ssh2
May 31 18:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8415]: Connection closed by 202.133.90.219 port 38406 [preauth]
May 31 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8481]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8478]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8480]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8475]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8479]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8481]: pam_unix(cron:session): session closed for user root
May 31 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8475]: pam_unix(cron:session): session closed for user p13x
May 31 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8547]: Successful su for rubyman by root
May 31 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8547]: + ??? root:rubyman
May 31 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430865 of user rubyman.
May 31 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8547]: pam_unix(su:session): session closed for user rubyman
May 31 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430865.
May 31 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8478]: pam_unix(cron:session): session closed for user root
May 31 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5875]: pam_unix(cron:session): session closed for user root
May 31 18:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8476]: pam_unix(cron:session): session closed for user samftp
May 31 18:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
May 31 18:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
May 31 18:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: Failed password for root from 103.27.238.120 port 39874 ssh2
May 31 18:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: Failed password for root from 103.27.238.116 port 49356 ssh2
May 31 18:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: Connection closed by 103.27.238.120 port 39874 [preauth]
May 31 18:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: Connection closed by 103.27.238.116 port 49356 [preauth]
May 31 18:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
May 31 18:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Failed password for root from 87.251.79.125 port 42848 ssh2
May 31 18:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Connection closed by 87.251.79.125 port 42848 [preauth]
May 31 18:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7605]: pam_unix(cron:session): session closed for user root
May 31 18:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: Failed password for root from 202.133.90.219 port 59950 ssh2
May 31 18:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: Connection closed by 202.133.90.219 port 59950 [preauth]
May 31 18:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: Invalid user Administrator from 185.156.73.233
May 31 18:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: input_userauth_request: invalid user Administrator [preauth]
May 31 18:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: Failed none for invalid user Administrator from 185.156.73.233 port 56838 ssh2
May 31 18:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: Connection closed by 185.156.73.233 port 56838 [preauth]
May 31 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8912]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8911]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8909]: pam_unix(cron:session): session closed for user p13x
May 31 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8986]: Successful su for rubyman by root
May 31 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8986]: + ??? root:rubyman
May 31 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430868 of user rubyman.
May 31 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8986]: pam_unix(su:session): session closed for user rubyman
May 31 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430868.
May 31 18:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6257]: pam_unix(cron:session): session closed for user root
May 31 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8910]: pam_unix(cron:session): session closed for user samftp
May 31 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9162]: Did not receive identification string from 106.241.31.17
May 31 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9163]: Invalid user factped from 106.241.31.17
May 31 18:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9163]: input_userauth_request: invalid user factped [preauth]
May 31 18:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9163]: pam_unix(sshd:auth): check pass; user unknown
May 31 18:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.241.31.17
May 31 18:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9163]: Failed password for invalid user factped from 106.241.31.17 port 43738 ssh2
May 31 18:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9163]: Connection closed by 106.241.31.17 port 43738 [preauth]
May 31 18:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8091]: pam_unix(cron:session): session closed for user root
May 31 18:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.228.128.84  user=root
May 31 18:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: Failed password for root from 193.228.128.84 port 46092 ssh2
May 31 18:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: Connection closed by 193.228.128.84 port 46092 [preauth]
May 31 18:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9328]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9329]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9326]: pam_unix(cron:session): session closed for user p13x
May 31 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9386]: Successful su for rubyman by root
May 31 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9386]: + ??? root:rubyman
May 31 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430874 of user rubyman.
May 31 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9386]: pam_unix(su:session): session closed for user rubyman
May 31 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430874.
May 31 18:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6676]: pam_unix(cron:session): session closed for user root
May 31 18:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9315]: Failed password for root from 202.133.90.219 port 58922 ssh2
May 31 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9327]: pam_unix(cron:session): session closed for user samftp
May 31 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9315]: Connection closed by 202.133.90.219 port 58922 [preauth]
May 31 18:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8480]: pam_unix(cron:session): session closed for user root
May 31 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9712]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9713]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9710]: pam_unix(cron:session): session closed for user p13x
May 31 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9770]: Successful su for rubyman by root
May 31 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9770]: + ??? root:rubyman
May 31 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430876 of user rubyman.
May 31 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9770]: pam_unix(su:session): session closed for user rubyman
May 31 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430876.
May 31 18:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7190]: pam_unix(cron:session): session closed for user root
May 31 18:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9711]: pam_unix(cron:session): session closed for user samftp
May 31 18:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10137]: Failed password for root from 202.133.90.219 port 55730 ssh2
May 31 18:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10137]: Connection closed by 202.133.90.219 port 55730 [preauth]
May 31 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8912]: pam_unix(cron:session): session closed for user root
May 31 18:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: Invalid user pi from 193.24.211.100
May 31 18:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: input_userauth_request: invalid user pi [preauth]
May 31 18:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: pam_unix(sshd:auth): check pass; user unknown
May 31 18:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.100
May 31 18:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: Failed password for invalid user pi from 193.24.211.100 port 53263 ssh2
May 31 18:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: Received disconnect from 193.24.211.100 port 53263:11: Client disconnecting normally [preauth]
May 31 18:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: Disconnected from 193.24.211.100 port 53263 [preauth]
May 31 18:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
May 31 18:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: Failed password for root from 103.153.68.219 port 60204 ssh2
May 31 18:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: Connection closed by 103.153.68.219 port 60204 [preauth]
May 31 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10387]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10389]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10385]: pam_unix(cron:session): session closed for user p13x
May 31 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10447]: Successful su for rubyman by root
May 31 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10447]: + ??? root:rubyman
May 31 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430881 of user rubyman.
May 31 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10447]: pam_unix(su:session): session closed for user rubyman
May 31 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430881.
May 31 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7604]: pam_unix(cron:session): session closed for user root
May 31 18:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10386]: pam_unix(cron:session): session closed for user samftp
May 31 18:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10624]: Invalid user admin from 125.20.210.182
May 31 18:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10624]: input_userauth_request: invalid user admin [preauth]
May 31 18:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10624]: pam_unix(sshd:auth): check pass; user unknown
May 31 18:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182
May 31 18:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10624]: Failed password for invalid user admin from 125.20.210.182 port 50898 ssh2
May 31 18:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10624]: Connection closed by 125.20.210.182 port 50898 [preauth]
May 31 18:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: Failed password for root from 202.133.90.219 port 51392 ssh2
May 31 18:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: Connection closed by 202.133.90.219 port 51392 [preauth]
May 31 18:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9329]: pam_unix(cron:session): session closed for user root
May 31 18:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: Received disconnect from 154.16.119.22 port 36124:11: disconnected by user [preauth]
May 31 18:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: Disconnected from 154.16.119.22 port 36124 [preauth]
May 31 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10810]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10809]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10811]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10806]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10812]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10808]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10812]: pam_unix(cron:session): session closed for user root
May 31 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10806]: pam_unix(cron:session): session closed for user p13x
May 31 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10876]: Successful su for rubyman by root
May 31 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10876]: + ??? root:rubyman
May 31 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430887 of user rubyman.
May 31 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10876]: pam_unix(su:session): session closed for user rubyman
May 31 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430887.
May 31 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10809]: pam_unix(cron:session): session closed for user root
May 31 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8090]: pam_unix(cron:session): session closed for user root
May 31 18:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10808]: pam_unix(cron:session): session closed for user samftp
May 31 18:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
May 31 18:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11092]: Failed password for root from 103.149.28.157 port 56610 ssh2
May 31 18:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11092]: Connection closed by 103.149.28.157 port 56610 [preauth]
May 31 18:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9713]: pam_unix(cron:session): session closed for user root
May 31 18:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11158]: Failed password for root from 202.133.90.219 port 40168 ssh2
May 31 18:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11158]: Connection closed by 202.133.90.219 port 40168 [preauth]
May 31 18:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: Connection closed by 194.59.206.2 port 36550 [preauth]
May 31 18:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Invalid user adele from 213.209.159.56
May 31 18:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: input_userauth_request: invalid user adele [preauth]
May 31 18:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: pam_unix(sshd:auth): check pass; user unknown
May 31 18:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Failed password for invalid user adele from 213.209.159.56 port 57213 ssh2
May 31 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: pam_unix(sshd:auth): check pass; user unknown
May 31 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11258]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11259]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11260]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11257]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11257]: pam_unix(cron:session): session closed for user p13x
May 31 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11331]: Successful su for rubyman by root
May 31 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11331]: + ??? root:rubyman
May 31 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430890 of user rubyman.
May 31 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11331]: pam_unix(su:session): session closed for user rubyman
May 31 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430890.
May 31 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Failed password for invalid user adele from 213.209.159.56 port 57213 ssh2
May 31 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: pam_unix(sshd:auth): check pass; user unknown
May 31 18:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8479]: pam_unix(cron:session): session closed for user root
May 31 18:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Failed password for invalid user adele from 213.209.159.56 port 57213 ssh2
May 31 18:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: pam_unix(sshd:auth): check pass; user unknown
May 31 18:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11258]: pam_unix(cron:session): session closed for user samftp
May 31 18:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.172.54.111  user=root
May 31 18:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Failed password for invalid user adele from 213.209.159.56 port 57213 ssh2
May 31 18:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: pam_unix(sshd:auth): check pass; user unknown
May 31 18:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: Failed password for root from 109.172.54.111 port 40372 ssh2
May 31 18:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: Connection closed by 109.172.54.111 port 40372 [preauth]
May 31 18:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Failed password for invalid user adele from 213.209.159.56 port 57213 ssh2
May 31 18:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Received disconnect from 213.209.159.56 port 57213:11: Bye [preauth]
May 31 18:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Disconnected from 213.209.159.56 port 57213 [preauth]
May 31 18:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 18:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 18:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10389]: pam_unix(cron:session): session closed for user root
May 31 18:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: Failed password for root from 202.133.90.219 port 42586 ssh2
May 31 18:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: Connection closed by 202.133.90.219 port 42586 [preauth]
May 31 18:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.22.41  user=root
May 31 18:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: Failed password for root from 185.236.22.41 port 55024 ssh2
May 31 18:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: Connection closed by 185.236.22.41 port 55024 [preauth]
May 31 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11684]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11685]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11682]: pam_unix(cron:session): session closed for user p13x
May 31 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11759]: Successful su for rubyman by root
May 31 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11759]: + ??? root:rubyman
May 31 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430896 of user rubyman.
May 31 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11759]: pam_unix(su:session): session closed for user rubyman
May 31 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430896.
May 31 18:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8911]: pam_unix(cron:session): session closed for user root
May 31 18:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11683]: pam_unix(cron:session): session closed for user samftp
May 31 18:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10811]: pam_unix(cron:session): session closed for user root
May 31 18:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12116]: Failed password for root from 202.133.90.219 port 39066 ssh2
May 31 18:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12116]: Connection closed by 202.133.90.219 port 39066 [preauth]
May 31 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12138]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12139]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12136]: pam_unix(cron:session): session closed for user p13x
May 31 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12198]: Successful su for rubyman by root
May 31 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12198]: + ??? root:rubyman
May 31 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430900 of user rubyman.
May 31 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12198]: pam_unix(su:session): session closed for user rubyman
May 31 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430900.
May 31 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9328]: pam_unix(cron:session): session closed for user root
May 31 18:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: Received disconnect from 104.243.46.222 port 63528:11: disconnected by user [preauth]
May 31 18:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: Disconnected from 104.243.46.222 port 63528 [preauth]
May 31 18:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12471]: Received disconnect from 172.96.172.91 port 36948:11: disconnected by user [preauth]
May 31 18:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12471]: Disconnected from 172.96.172.91 port 36948 [preauth]
May 31 18:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12137]: pam_unix(cron:session): session closed for user samftp
May 31 18:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11260]: pam_unix(cron:session): session closed for user root
May 31 18:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
May 31 18:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: Failed password for root from 51.250.105.222 port 59994 ssh2
May 31 18:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: Connection closed by 51.250.105.222 port 59994 [preauth]
May 31 18:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: Failed password for root from 213.209.159.158 port 26210 ssh2
May 31 18:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: Connection closed by 213.209.159.158 port 26210 [preauth]
May 31 18:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Failed password for root from 213.209.159.158 port 29066 ssh2
May 31 18:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Connection closed by 213.209.159.158 port 29066 [preauth]
May 31 18:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12656]: Failed password for root from 213.209.159.158 port 29078 ssh2
May 31 18:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12656]: Connection closed by 213.209.159.158 port 29078 [preauth]
May 31 18:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12667]: Failed password for root from 213.209.159.158 port 49638 ssh2
May 31 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12684]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12685]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12682]: pam_unix(cron:session): session closed for user p13x
May 31 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12667]: Connection closed by 213.209.159.158 port 49638 [preauth]
May 31 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12746]: Successful su for rubyman by root
May 31 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12746]: + ??? root:rubyman
May 31 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430903 of user rubyman.
May 31 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12746]: pam_unix(su:session): session closed for user rubyman
May 31 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430903.
May 31 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
May 31 18:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12668]: Failed password for root from 202.133.90.219 port 42766 ssh2
May 31 18:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12668]: Connection closed by 202.133.90.219 port 42766 [preauth]
May 31 18:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9712]: pam_unix(cron:session): session closed for user root
May 31 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12683]: pam_unix(cron:session): session closed for user samftp
May 31 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: Failed password for root from 37.233.85.71 port 37998 ssh2
May 31 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: Connection closed by 37.233.85.71 port 37998 [preauth]
May 31 18:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12749]: Failed password for root from 213.209.159.158 port 49652 ssh2
May 31 18:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12749]: Connection closed by 213.209.159.158 port 49652 [preauth]
May 31 18:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: Failed password for root from 213.209.159.158 port 41050 ssh2
May 31 18:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: Connection closed by 213.209.159.158 port 41050 [preauth]
May 31 18:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12956]: Failed password for root from 213.209.159.158 port 41058 ssh2
May 31 18:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12956]: Connection closed by 213.209.159.158 port 41058 [preauth]
May 31 18:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12978]: Failed password for root from 213.209.159.158 port 6520 ssh2
May 31 18:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12978]: Connection closed by 213.209.159.158 port 6520 [preauth]
May 31 18:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13001]: Failed password for root from 213.209.159.158 port 6526 ssh2
May 31 18:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13001]: Connection closed by 213.209.159.158 port 6526 [preauth]
May 31 18:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11685]: pam_unix(cron:session): session closed for user root
May 31 18:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: Failed password for root from 213.209.159.158 port 15548 ssh2
May 31 18:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: Connection closed by 213.209.159.158 port 15548 [preauth]
May 31 18:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13055]: Failed password for root from 213.209.159.158 port 34632 ssh2
May 31 18:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13055]: Connection closed by 213.209.159.158 port 34632 [preauth]
May 31 18:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13077]: Failed password for root from 213.209.159.158 port 10458 ssh2
May 31 18:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13077]: Connection closed by 213.209.159.158 port 10458 [preauth]
May 31 18:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13109]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13116]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13118]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13108]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13118]: pam_unix(cron:session): session closed for user root
May 31 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13106]: pam_unix(cron:session): session closed for user p13x
May 31 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13188]: Successful su for rubyman by root
May 31 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13188]: + ??? root:rubyman
May 31 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430908 of user rubyman.
May 31 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13188]: pam_unix(su:session): session closed for user rubyman
May 31 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430908.
May 31 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Failed password for root from 213.209.159.158 port 10492 ssh2
May 31 18:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
May 31 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13108]: pam_unix(cron:session): session closed for user root
May 31 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Connection closed by 213.209.159.158 port 10492 [preauth]
May 31 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10387]: pam_unix(cron:session): session closed for user root
May 31 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: Failed password for root from 62.133.62.83 port 59206 ssh2
May 31 18:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: Connection closed by 62.133.62.83 port 59206 [preauth]
May 31 18:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13107]: pam_unix(cron:session): session closed for user samftp
May 31 18:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: Failed password for root from 213.209.159.158 port 35868 ssh2
May 31 18:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: Connection closed by 213.209.159.158 port 35868 [preauth]
May 31 18:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13409]: Failed password for root from 202.133.90.219 port 34874 ssh2
May 31 18:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13409]: Connection closed by 202.133.90.219 port 34874 [preauth]
May 31 18:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: Failed password for root from 213.209.159.158 port 54166 ssh2
May 31 18:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: Connection closed by 213.209.159.158 port 54166 [preauth]
May 31 18:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13465]: Bad protocol version identification 'GET / HTTP/1.1' from 64.62.156.66 port 13548
May 31 18:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: Failed password for root from 213.209.159.158 port 27408 ssh2
May 31 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12139]: pam_unix(cron:session): session closed for user root
May 31 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: Connection closed by 213.209.159.158 port 27408 [preauth]
May 31 18:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: Failed password for root from 213.209.159.158 port 16470 ssh2
May 31 18:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: Connection closed by 213.209.159.158 port 16470 [preauth]
May 31 18:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 18:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13495]: Failed password for root from 125.20.210.182 port 38584 ssh2
May 31 18:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13525]: Failed password for root from 213.209.159.158 port 14396 ssh2
May 31 18:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13525]: Connection closed by 213.209.159.158 port 14396 [preauth]
May 31 18:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13557]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13556]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13554]: pam_unix(cron:session): session closed for user p13x
May 31 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13622]: Successful su for rubyman by root
May 31 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13622]: + ??? root:rubyman
May 31 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430912 of user rubyman.
May 31 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13622]: pam_unix(su:session): session closed for user rubyman
May 31 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430912.
May 31 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.158  user=root
May 31 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13667]: Received disconnect from 199.195.248.228 port 44924:11: disconnected by user [preauth]
May 31 18:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13667]: Disconnected from 199.195.248.228 port 44924 [preauth]
May 31 18:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10810]: pam_unix(cron:session): session closed for user root
May 31 18:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13543]: Failed password for root from 213.209.159.158 port 55484 ssh2
May 31 18:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13555]: pam_unix(cron:session): session closed for user samftp
May 31 18:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13543]: Connection closed by 213.209.159.158 port 55484 [preauth]
May 31 18:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: Failed password for root from 202.133.90.219 port 46390 ssh2
May 31 18:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: Connection closed by 202.133.90.219 port 46390 [preauth]
May 31 18:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13495]: Connection closed by 125.20.210.182 port 38584 [preauth]
May 31 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12685]: pam_unix(cron:session): session closed for user root
May 31 18:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May 31 18:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13941]: Failed password for root from 80.94.95.115 port 61516 ssh2
May 31 18:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13941]: Connection closed by 80.94.95.115 port 61516 [preauth]
May 31 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13979]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13978]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13977]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13976]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13976]: pam_unix(cron:session): session closed for user p13x
May 31 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14036]: Successful su for rubyman by root
May 31 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14036]: + ??? root:rubyman
May 31 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430917 of user rubyman.
May 31 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14036]: pam_unix(su:session): session closed for user rubyman
May 31 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430917.
May 31 18:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11259]: pam_unix(cron:session): session closed for user root
May 31 18:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13977]: pam_unix(cron:session): session closed for user samftp
May 31 18:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
May 31 18:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: Failed password for root from 147.45.211.215 port 55922 ssh2
May 31 18:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: Connection closed by 147.45.211.215 port 55922 [preauth]
May 31 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13116]: pam_unix(cron:session): session closed for user root
May 31 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: Failed password for root from 202.133.90.219 port 49004 ssh2
May 31 18:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: Connection closed by 202.133.90.219 port 49004 [preauth]
May 31 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14356]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14355]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14353]: pam_unix(cron:session): session closed for user p13x
May 31 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14413]: Successful su for rubyman by root
May 31 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14413]: + ??? root:rubyman
May 31 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14413]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430921 of user rubyman.
May 31 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14413]: pam_unix(su:session): session closed for user rubyman
May 31 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430921.
May 31 18:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11684]: pam_unix(cron:session): session closed for user root
May 31 18:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14354]: pam_unix(cron:session): session closed for user samftp
May 31 18:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
May 31 18:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14646]: Failed password for root from 176.32.39.21 port 49238 ssh2
May 31 18:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14646]: Connection closed by 176.32.39.21 port 49238 [preauth]
May 31 18:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13557]: pam_unix(cron:session): session closed for user root
May 31 18:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: Failed password for root from 202.133.90.219 port 34610 ssh2
May 31 18:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: Connection closed by 202.133.90.219 port 34610 [preauth]
May 31 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14839]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14840]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14835]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14837]: pam_unix(cron:session): session closed for user p13x
May 31 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14951]: Successful su for rubyman by root
May 31 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14951]: + ??? root:rubyman
May 31 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430926 of user rubyman.
May 31 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14951]: pam_unix(su:session): session closed for user rubyman
May 31 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430926.
May 31 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14835]: pam_unix(cron:session): session closed for user root
May 31 18:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12138]: pam_unix(cron:session): session closed for user root
May 31 18:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
May 31 18:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14838]: pam_unix(cron:session): session closed for user samftp
May 31 18:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15137]: Failed password for root from 193.37.70.224 port 46990 ssh2
May 31 18:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15137]: Connection closed by 193.37.70.224 port 46990 [preauth]
May 31 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13979]: pam_unix(cron:session): session closed for user root
May 31 18:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: Failed password for root from 202.133.90.219 port 39994 ssh2
May 31 18:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: Connection closed by 202.133.90.219 port 39994 [preauth]
May 31 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15338]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15337]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15336]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15335]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15338]: pam_unix(cron:session): session closed for user root
May 31 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15333]: pam_unix(cron:session): session closed for user p13x
May 31 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15399]: Successful su for rubyman by root
May 31 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15399]: + ??? root:rubyman
May 31 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430931 of user rubyman.
May 31 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15399]: pam_unix(su:session): session closed for user rubyman
May 31 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430931.
May 31 18:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15335]: pam_unix(cron:session): session closed for user root
May 31 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12684]: pam_unix(cron:session): session closed for user root
May 31 18:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15334]: pam_unix(cron:session): session closed for user samftp
May 31 18:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14356]: pam_unix(cron:session): session closed for user root
May 31 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15748]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15747]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15745]: pam_unix(cron:session): session closed for user p13x
May 31 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15809]: Successful su for rubyman by root
May 31 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15809]: + ??? root:rubyman
May 31 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430936 of user rubyman.
May 31 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15809]: pam_unix(su:session): session closed for user rubyman
May 31 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430936.
May 31 18:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13109]: pam_unix(cron:session): session closed for user root
May 31 18:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15746]: pam_unix(cron:session): session closed for user samftp
May 31 18:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15972]: Failed password for root from 202.133.90.219 port 51126 ssh2
May 31 18:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15972]: Connection closed by 202.133.90.219 port 51126 [preauth]
May 31 18:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14840]: pam_unix(cron:session): session closed for user root
May 31 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16138]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16137]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16136]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16135]: pam_unix(cron:session): session closed for user p13x
May 31 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16199]: Successful su for rubyman by root
May 31 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16199]: + ??? root:rubyman
May 31 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430939 of user rubyman.
May 31 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16199]: pam_unix(su:session): session closed for user rubyman
May 31 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430939.
May 31 18:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13556]: pam_unix(cron:session): session closed for user root
May 31 18:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16136]: pam_unix(cron:session): session closed for user samftp
May 31 18:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16401]: Failed password for root from 202.133.90.219 port 37262 ssh2
May 31 18:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16401]: Connection closed by 202.133.90.219 port 37262 [preauth]
May 31 18:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15337]: pam_unix(cron:session): session closed for user root
May 31 18:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: Received disconnect from 208.87.243.61 port 43944:11: disconnected by user [preauth]
May 31 18:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: Disconnected from 208.87.243.61 port 43944 [preauth]
May 31 18:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
May 31 18:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16517]: Failed password for root from 103.82.20.28 port 42728 ssh2
May 31 18:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16517]: Connection closed by 103.82.20.28 port 42728 [preauth]
May 31 18:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16533]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16532]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16530]: pam_unix(cron:session): session closed for user p13x
May 31 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16588]: Successful su for rubyman by root
May 31 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16588]: + ??? root:rubyman
May 31 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430943 of user rubyman.
May 31 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16588]: pam_unix(su:session): session closed for user rubyman
May 31 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430943.
May 31 18:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13978]: pam_unix(cron:session): session closed for user root
May 31 18:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16531]: pam_unix(cron:session): session closed for user samftp
May 31 18:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 18:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16527]: Failed password for root from 125.20.210.182 port 45174 ssh2
May 31 18:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16527]: Connection closed by 125.20.210.182 port 45174 [preauth]
May 31 18:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: Failed password for root from 202.133.90.219 port 39790 ssh2
May 31 18:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: Connection closed by 202.133.90.219 port 39790 [preauth]
May 31 18:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15748]: pam_unix(cron:session): session closed for user root
May 31 18:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
May 31 18:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16910]: Failed password for root from 89.223.69.22 port 54504 ssh2
May 31 18:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16910]: Connection closed by 89.223.69.22 port 54504 [preauth]
May 31 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16923]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16925]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16924]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16922]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16922]: pam_unix(cron:session): session closed for user p13x
May 31 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16982]: Successful su for rubyman by root
May 31 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16982]: + ??? root:rubyman
May 31 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430948 of user rubyman.
May 31 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16982]: pam_unix(su:session): session closed for user rubyman
May 31 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430948.
May 31 18:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14355]: pam_unix(cron:session): session closed for user root
May 31 18:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16923]: pam_unix(cron:session): session closed for user samftp
May 31 18:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16138]: pam_unix(cron:session): session closed for user root
May 31 18:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17244]: Failed password for root from 202.133.90.219 port 56676 ssh2
May 31 18:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17244]: Connection closed by 202.133.90.219 port 56676 [preauth]
May 31 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17309]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17310]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17308]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17311]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17311]: pam_unix(cron:session): session closed for user root
May 31 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17306]: pam_unix(cron:session): session closed for user p13x
May 31 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17377]: Successful su for rubyman by root
May 31 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17377]: + ??? root:rubyman
May 31 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430955 of user rubyman.
May 31 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17377]: pam_unix(su:session): session closed for user rubyman
May 31 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430955.
May 31 18:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17308]: pam_unix(cron:session): session closed for user root
May 31 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14839]: pam_unix(cron:session): session closed for user root
May 31 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17307]: pam_unix(cron:session): session closed for user samftp
May 31 18:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
May 31 18:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17639]: Failed password for root from 103.176.20.57 port 34164 ssh2
May 31 18:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17639]: Connection closed by 103.176.20.57 port 34164 [preauth]
May 31 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16533]: pam_unix(cron:session): session closed for user root
May 31 18:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17754]: Did not receive identification string from 45.79.115.134
May 31 18:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: Failed password for root from 202.133.90.219 port 36876 ssh2
May 31 18:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: Connection closed by 202.133.90.219 port 36876 [preauth]
May 31 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17824]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17825]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17821]: pam_unix(cron:session): session closed for user p13x
May 31 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17898]: Successful su for rubyman by root
May 31 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17898]: + ??? root:rubyman
May 31 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430957 of user rubyman.
May 31 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17898]: pam_unix(su:session): session closed for user rubyman
May 31 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430957.
May 31 18:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15336]: pam_unix(cron:session): session closed for user root
May 31 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17823]: pam_unix(cron:session): session closed for user samftp
May 31 18:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162  user=root
May 31 18:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18096]: Failed password for root from 173.254.234.162 port 59540 ssh2
May 31 18:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18096]: Connection closed by 173.254.234.162 port 59540 [preauth]
May 31 18:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: Connection closed by 172.104.11.4 port 11846 [preauth]
May 31 18:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: Connection closed by 172.104.11.4 port 11862 [preauth]
May 31 18:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18154]: fatal: Unable to negotiate with 172.104.11.4 port 11870: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May 31 18:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May 31 18:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16925]: pam_unix(cron:session): session closed for user root
May 31 18:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18167]: Failed password for root from 80.94.95.116 port 25306 ssh2
May 31 18:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18167]: Connection closed by 80.94.95.116 port 25306 [preauth]
May 31 18:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18264]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18265]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18262]: pam_unix(cron:session): session closed for user p13x
May 31 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18328]: Successful su for rubyman by root
May 31 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18328]: + ??? root:rubyman
May 31 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430961 of user rubyman.
May 31 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18328]: pam_unix(su:session): session closed for user rubyman
May 31 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430961.
May 31 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: Failed password for root from 202.133.90.219 port 45236 ssh2
May 31 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15747]: pam_unix(cron:session): session closed for user root
May 31 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: Connection closed by 202.133.90.219 port 45236 [preauth]
May 31 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18263]: pam_unix(cron:session): session closed for user samftp
May 31 18:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17310]: pam_unix(cron:session): session closed for user root
May 31 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18751]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18752]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18750]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18749]: pam_unix(cron:session): session closed for user p13x
May 31 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18821]: Successful su for rubyman by root
May 31 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18821]: + ??? root:rubyman
May 31 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430966 of user rubyman.
May 31 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18821]: pam_unix(su:session): session closed for user rubyman
May 31 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430966.
May 31 18:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16137]: pam_unix(cron:session): session closed for user root
May 31 18:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18750]: pam_unix(cron:session): session closed for user samftp
May 31 18:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19020]: Failed password for root from 202.133.90.219 port 35466 ssh2
May 31 18:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19020]: Connection closed by 202.133.90.219 port 35466 [preauth]
May 31 18:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17825]: pam_unix(cron:session): session closed for user root
May 31 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19268]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19267]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19265]: pam_unix(cron:session): session closed for user p13x
May 31 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19327]: Successful su for rubyman by root
May 31 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19327]: + ??? root:rubyman
May 31 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430970 of user rubyman.
May 31 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19327]: pam_unix(su:session): session closed for user rubyman
May 31 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430970.
May 31 18:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16532]: pam_unix(cron:session): session closed for user root
May 31 18:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19266]: pam_unix(cron:session): session closed for user samftp
May 31 18:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 18:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19739]: Failed password for root from 125.20.210.182 port 43816 ssh2
May 31 18:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19739]: Connection closed by 125.20.210.182 port 43816 [preauth]
May 31 18:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19751]: Failed password for root from 202.133.90.219 port 47834 ssh2
May 31 18:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19751]: Connection closed by 202.133.90.219 port 47834 [preauth]
May 31 18:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18265]: pam_unix(cron:session): session closed for user root
May 31 18:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.197.250  user=root
May 31 18:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19807]: Failed password for root from 147.45.197.250 port 33528 ssh2
May 31 18:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19807]: Connection closed by 147.45.197.250 port 33528 [preauth]
May 31 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19882]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19881]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19883]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19880]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19883]: pam_unix(cron:session): session closed for user root
May 31 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19878]: pam_unix(cron:session): session closed for user p13x
May 31 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19947]: Successful su for rubyman by root
May 31 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19947]: + ??? root:rubyman
May 31 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19947]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430973 of user rubyman.
May 31 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19947]: pam_unix(su:session): session closed for user rubyman
May 31 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430973.
May 31 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19880]: pam_unix(cron:session): session closed for user root
May 31 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16924]: pam_unix(cron:session): session closed for user root
May 31 18:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19879]: pam_unix(cron:session): session closed for user samftp
May 31 18:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18752]: pam_unix(cron:session): session closed for user root
May 31 18:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20346]: Failed password for root from 202.133.90.219 port 49578 ssh2
May 31 18:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20346]: Connection closed by 202.133.90.219 port 49578 [preauth]
May 31 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20414]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20415]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20411]: pam_unix(cron:session): session closed for user p13x
May 31 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20491]: Successful su for rubyman by root
May 31 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20491]: + ??? root:rubyman
May 31 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430979 of user rubyman.
May 31 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20491]: pam_unix(su:session): session closed for user rubyman
May 31 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430979.
May 31 18:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17309]: pam_unix(cron:session): session closed for user root
May 31 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20412]: pam_unix(cron:session): session closed for user samftp
May 31 18:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
May 31 18:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: Failed password for root from 109.237.96.109 port 48762 ssh2
May 31 18:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: Connection closed by 109.237.96.109 port 48762 [preauth]
May 31 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19268]: pam_unix(cron:session): session closed for user root
May 31 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20894]: Failed password for root from 202.133.90.219 port 59644 ssh2
May 31 18:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20894]: Connection closed by 202.133.90.219 port 59644 [preauth]
May 31 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20923]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20924]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20921]: pam_unix(cron:session): session closed for user p13x
May 31 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20981]: Successful su for rubyman by root
May 31 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20981]: + ??? root:rubyman
May 31 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430985 of user rubyman.
May 31 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20981]: pam_unix(su:session): session closed for user rubyman
May 31 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430985.
May 31 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17824]: pam_unix(cron:session): session closed for user root
May 31 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20922]: pam_unix(cron:session): session closed for user samftp
May 31 18:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
May 31 18:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21202]: Failed password for root from 103.15.222.183 port 39854 ssh2
May 31 18:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21202]: Connection closed by 103.15.222.183 port 39854 [preauth]
May 31 18:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19882]: pam_unix(cron:session): session closed for user root
May 31 18:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21325]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21326]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21323]: pam_unix(cron:session): session closed for user p13x
May 31 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21390]: Successful su for rubyman by root
May 31 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21390]: + ??? root:rubyman
May 31 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430988 of user rubyman.
May 31 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21390]: pam_unix(su:session): session closed for user rubyman
May 31 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430988.
May 31 18:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18264]: pam_unix(cron:session): session closed for user root
May 31 18:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: Failed password for root from 202.133.90.219 port 52586 ssh2
May 31 18:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21324]: pam_unix(cron:session): session closed for user samftp
May 31 18:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: Connection closed by 202.133.90.219 port 52586 [preauth]
May 31 18:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20415]: pam_unix(cron:session): session closed for user root
May 31 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21749]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21750]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21747]: pam_unix(cron:session): session closed for user p13x
May 31 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21809]: Successful su for rubyman by root
May 31 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21809]: + ??? root:rubyman
May 31 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430991 of user rubyman.
May 31 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21809]: pam_unix(su:session): session closed for user rubyman
May 31 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430991.
May 31 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18751]: pam_unix(cron:session): session closed for user root
May 31 18:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21748]: pam_unix(cron:session): session closed for user samftp
May 31 18:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21978]: Failed password for root from 202.133.90.219 port 36720 ssh2
May 31 18:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21978]: Connection closed by 202.133.90.219 port 36720 [preauth]
May 31 18:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20924]: pam_unix(cron:session): session closed for user root
May 31 18:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
May 31 18:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: Received disconnect from 217.156.65.251 port 46694:11: disconnected by user [preauth]
May 31 18:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: Disconnected from 217.156.65.251 port 46694 [preauth]
May 31 18:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22089]: Failed password for root from 103.122.221.179 port 34198 ssh2
May 31 18:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22089]: Connection closed by 103.122.221.179 port 34198 [preauth]
May 31 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22148]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22147]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22146]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22145]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22148]: pam_unix(cron:session): session closed for user root
May 31 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22143]: pam_unix(cron:session): session closed for user p13x
May 31 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22215]: Successful su for rubyman by root
May 31 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22215]: + ??? root:rubyman
May 31 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 430997 of user rubyman.
May 31 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22215]: pam_unix(su:session): session closed for user rubyman
May 31 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 430997.
May 31 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22145]: pam_unix(cron:session): session closed for user root
May 31 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19267]: pam_unix(cron:session): session closed for user root
May 31 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22144]: pam_unix(cron:session): session closed for user samftp
May 31 18:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22450]: Failed password for root from 202.133.90.219 port 56236 ssh2
May 31 18:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22450]: Connection closed by 202.133.90.219 port 56236 [preauth]
May 31 18:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21326]: pam_unix(cron:session): session closed for user root
May 31 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22569]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22570]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22566]: pam_unix(cron:session): session closed for user p13x
May 31 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22634]: Successful su for rubyman by root
May 31 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22634]: + ??? root:rubyman
May 31 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431001 of user rubyman.
May 31 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22634]: pam_unix(su:session): session closed for user rubyman
May 31 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431001.
May 31 18:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22567]: pam_unix(cron:session): session closed for user samftp
May 31 18:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19881]: pam_unix(cron:session): session closed for user root
May 31 18:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 18:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22821]: Failed password for root from 125.20.210.182 port 39788 ssh2
May 31 18:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22821]: Connection closed by 125.20.210.182 port 39788 [preauth]
May 31 18:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22875]: Invalid user 1234 from 193.46.255.86
May 31 18:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22875]: input_userauth_request: invalid user 1234 [preauth]
May 31 18:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22875]: pam_unix(sshd:auth): check pass; user unknown
May 31 18:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
May 31 18:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22875]: Failed password for invalid user 1234 from 193.46.255.86 port 45864 ssh2
May 31 18:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22875]: pam_unix(sshd:auth): check pass; user unknown
May 31 18:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22875]: Failed password for invalid user 1234 from 193.46.255.86 port 45864 ssh2
May 31 18:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22875]: pam_unix(sshd:auth): check pass; user unknown
May 31 18:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22875]: Failed password for invalid user 1234 from 193.46.255.86 port 45864 ssh2
May 31 18:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22875]: pam_unix(sshd:auth): check pass; user unknown
May 31 18:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21750]: pam_unix(cron:session): session closed for user root
May 31 18:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22875]: Failed password for invalid user 1234 from 193.46.255.86 port 45864 ssh2
May 31 18:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22875]: pam_unix(sshd:auth): check pass; user unknown
May 31 18:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: Failed password for root from 202.133.90.219 port 60048 ssh2
May 31 18:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: Connection closed by 202.133.90.219 port 60048 [preauth]
May 31 18:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22875]: Failed password for invalid user 1234 from 193.46.255.86 port 45864 ssh2
May 31 18:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22875]: Received disconnect from 193.46.255.86 port 45864:11: Bye [preauth]
May 31 18:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22875]: Disconnected from 193.46.255.86 port 45864 [preauth]
May 31 18:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22875]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
May 31 18:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22875]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 18:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22977]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22976]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22974]: pam_unix(cron:session): session closed for user p13x
May 31 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
May 31 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23032]: Successful su for rubyman by root
May 31 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23032]: + ??? root:rubyman
May 31 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431005 of user rubyman.
May 31 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23032]: pam_unix(su:session): session closed for user rubyman
May 31 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431005.
May 31 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22963]: Failed password for root from 185.156.73.233 port 55336 ssh2
May 31 18:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22963]: Connection closed by 185.156.73.233 port 55336 [preauth]
May 31 18:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20414]: pam_unix(cron:session): session closed for user root
May 31 18:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22975]: pam_unix(cron:session): session closed for user samftp
May 31 18:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
May 31 18:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22147]: pam_unix(cron:session): session closed for user root
May 31 18:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: Failed password for root from 147.45.199.80 port 36846 ssh2
May 31 18:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: Connection closed by 147.45.199.80 port 36846 [preauth]
May 31 18:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 18:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23337]: Failed password for root from 38.93.206.2 port 42344 ssh2
May 31 18:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23337]: Connection closed by 38.93.206.2 port 42344 [preauth]
May 31 18:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23313]: Failed password for root from 202.133.90.219 port 35672 ssh2
May 31 18:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23313]: Connection closed by 202.133.90.219 port 35672 [preauth]
May 31 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23378]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23377]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23375]: pam_unix(cron:session): session closed for user p13x
May 31 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23438]: Successful su for rubyman by root
May 31 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23438]: + ??? root:rubyman
May 31 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23438]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431010 of user rubyman.
May 31 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23438]: pam_unix(su:session): session closed for user rubyman
May 31 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431010.
May 31 18:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20923]: pam_unix(cron:session): session closed for user root
May 31 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23376]: pam_unix(cron:session): session closed for user samftp
May 31 18:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22570]: pam_unix(cron:session): session closed for user root
May 31 18:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 18:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Failed password for root from 202.133.90.219 port 54994 ssh2
May 31 18:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Connection closed by 202.133.90.219 port 54994 [preauth]
May 31 18:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 18:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.100  user=root
May 31 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23797]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23798]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23795]: pam_unix(cron:session): session closed for user p13x
May 31 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23951]: Successful su for rubyman by root
May 31 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23951]: + ??? root:rubyman
May 31 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431013 of user rubyman.
May 31 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23951]: pam_unix(su:session): session closed for user rubyman
May 31 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431013.
May 31 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23783]: Failed password for root from 193.24.211.100 port 22148 ssh2
May 31 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23783]: Received disconnect from 193.24.211.100 port 22148:11: Client disconnecting normally [preauth]
May 31 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23783]: Disconnected from 193.24.211.100 port 22148 [preauth]
May 31 18:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21325]: pam_unix(cron:session): session closed for user root
May 31 18:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23796]: pam_unix(cron:session): session closed for user samftp
May 31 18:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22977]: pam_unix(cron:session): session closed for user root
May 31 18:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24315]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24311]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24314]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24312]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24316]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24316]: pam_unix(cron:session): session closed for user root
May 31 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24311]: pam_unix(cron:session): session closed for user root
May 31 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24309]: pam_unix(cron:session): session closed for user p13x
May 31 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24397]: Successful su for rubyman by root
May 31 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24397]: + ??? root:rubyman
May 31 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431017 of user rubyman.
May 31 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24397]: pam_unix(su:session): session closed for user rubyman
May 31 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431017.
May 31 19:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 19:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24312]: pam_unix(cron:session): session closed for user root
May 31 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21749]: pam_unix(cron:session): session closed for user root
May 31 19:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: Failed password for root from 202.133.90.219 port 56138 ssh2
May 31 19:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24310]: pam_unix(cron:session): session closed for user samftp
May 31 19:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: Connection closed by 202.133.90.219 port 56138 [preauth]
May 31 19:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23378]: pam_unix(cron:session): session closed for user root
May 31 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24835]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24834]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24832]: pam_unix(cron:session): session closed for user p13x
May 31 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24900]: Successful su for rubyman by root
May 31 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24900]: + ??? root:rubyman
May 31 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431024 of user rubyman.
May 31 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24900]: pam_unix(su:session): session closed for user rubyman
May 31 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431024.
May 31 19:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22146]: pam_unix(cron:session): session closed for user root
May 31 19:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24833]: pam_unix(cron:session): session closed for user samftp
May 31 19:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 19:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: Failed password for root from 202.133.90.219 port 50434 ssh2
May 31 19:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: Connection closed by 202.133.90.219 port 50434 [preauth]
May 31 19:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23798]: pam_unix(cron:session): session closed for user root
May 31 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25242]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25244]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25243]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25241]: pam_unix(cron:session): session closed for user p13x
May 31 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25298]: Successful su for rubyman by root
May 31 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25298]: + ??? root:rubyman
May 31 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431028 of user rubyman.
May 31 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25298]: pam_unix(su:session): session closed for user rubyman
May 31 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431028.
May 31 19:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22569]: pam_unix(cron:session): session closed for user root
May 31 19:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25242]: pam_unix(cron:session): session closed for user samftp
May 31 19:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 19:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Failed password for root from 202.133.90.219 port 45494 ssh2
May 31 19:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24315]: pam_unix(cron:session): session closed for user root
May 31 19:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Connection closed by 202.133.90.219 port 45494 [preauth]
May 31 19:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25631]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25630]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25628]: pam_unix(cron:session): session closed for user p13x
May 31 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25685]: Successful su for rubyman by root
May 31 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25685]: + ??? root:rubyman
May 31 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25685]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431032 of user rubyman.
May 31 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25685]: pam_unix(su:session): session closed for user rubyman
May 31 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431032.
May 31 19:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22976]: pam_unix(cron:session): session closed for user root
May 31 19:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25625]: Invalid user admin from 125.20.210.182
May 31 19:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25625]: input_userauth_request: invalid user admin [preauth]
May 31 19:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25625]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182
May 31 19:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25625]: Failed password for invalid user admin from 125.20.210.182 port 59664 ssh2
May 31 19:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25629]: pam_unix(cron:session): session closed for user samftp
May 31 19:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25625]: Connection closed by 125.20.210.182 port 59664 [preauth]
May 31 19:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24835]: pam_unix(cron:session): session closed for user root
May 31 19:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 19:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: Failed password for root from 202.133.90.219 port 41086 ssh2
May 31 19:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: Connection closed by 202.133.90.219 port 41086 [preauth]
May 31 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26022]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26023]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26020]: pam_unix(cron:session): session closed for user p13x
May 31 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26078]: Successful su for rubyman by root
May 31 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26078]: + ??? root:rubyman
May 31 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26078]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431036 of user rubyman.
May 31 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26078]: pam_unix(su:session): session closed for user rubyman
May 31 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431036.
May 31 19:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23377]: pam_unix(cron:session): session closed for user root
May 31 19:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26021]: pam_unix(cron:session): session closed for user samftp
May 31 19:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.173.227.57  user=root
May 31 19:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25244]: pam_unix(cron:session): session closed for user root
May 31 19:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: Failed password for root from 103.173.227.57 port 53316 ssh2
May 31 19:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: Connection closed by 103.173.227.57 port 53316 [preauth]
May 31 19:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Invalid user prometheus from 202.133.90.219
May 31 19:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: input_userauth_request: invalid user prometheus [preauth]
May 31 19:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Failed password for invalid user prometheus from 202.133.90.219 port 43934 ssh2
May 31 19:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Connection closed by 202.133.90.219 port 43934 [preauth]
May 31 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26419]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26418]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26416]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26421]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26420]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26417]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26421]: pam_unix(cron:session): session closed for user root
May 31 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26416]: pam_unix(cron:session): session closed for user p13x
May 31 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26485]: Successful su for rubyman by root
May 31 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26485]: + ??? root:rubyman
May 31 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431040 of user rubyman.
May 31 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26485]: pam_unix(su:session): session closed for user rubyman
May 31 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431040.
May 31 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23797]: pam_unix(cron:session): session closed for user root
May 31 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26418]: pam_unix(cron:session): session closed for user root
May 31 19:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26417]: pam_unix(cron:session): session closed for user samftp
May 31 19:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25631]: pam_unix(cron:session): session closed for user root
May 31 19:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26910]: Invalid user polkitd from 202.133.90.219
May 31 19:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26910]: input_userauth_request: invalid user polkitd [preauth]
May 31 19:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26910]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26910]: Failed password for invalid user polkitd from 202.133.90.219 port 60112 ssh2
May 31 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26910]: Connection closed by 202.133.90.219 port 60112 [preauth]
May 31 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26927]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26926]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26922]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26922]: pam_unix(cron:session): session closed for user p13x
May 31 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26991]: Successful su for rubyman by root
May 31 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26991]: + ??? root:rubyman
May 31 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431046 of user rubyman.
May 31 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26991]: pam_unix(su:session): session closed for user rubyman
May 31 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431046.
May 31 19:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24314]: pam_unix(cron:session): session closed for user root
May 31 19:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session closed for user samftp
May 31 19:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: Invalid user user from 2.57.121.25
May 31 19:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: input_userauth_request: invalid user user [preauth]
May 31 19:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 19:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: Failed password for invalid user user from 2.57.121.25 port 49992 ssh2
May 31 19:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: Failed password for invalid user user from 2.57.121.25 port 49992 ssh2
May 31 19:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: Failed password for invalid user user from 2.57.121.25 port 49992 ssh2
May 31 19:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: Failed password for invalid user user from 2.57.121.25 port 49992 ssh2
May 31 19:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: Failed password for invalid user user from 2.57.121.25 port 49992 ssh2
May 31 19:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: Received disconnect from 2.57.121.25 port 49992:11: Bye [preauth]
May 31 19:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: Disconnected from 2.57.121.25 port 49992 [preauth]
May 31 19:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 19:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 19:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26023]: pam_unix(cron:session): session closed for user root
May 31 19:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
May 31 19:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27333]: Failed password for root from 103.172.78.219 port 59156 ssh2
May 31 19:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27333]: Connection closed by 103.172.78.219 port 59156 [preauth]
May 31 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27356]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27357]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27354]: pam_unix(cron:session): session closed for user p13x
May 31 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27416]: Successful su for rubyman by root
May 31 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27416]: + ??? root:rubyman
May 31 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431051 of user rubyman.
May 31 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27416]: pam_unix(su:session): session closed for user rubyman
May 31 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431051.
May 31 19:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24834]: pam_unix(cron:session): session closed for user root
May 31 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27355]: pam_unix(cron:session): session closed for user samftp
May 31 19:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: Invalid user peertube from 202.133.90.219
May 31 19:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: input_userauth_request: invalid user peertube [preauth]
May 31 19:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: Failed password for invalid user peertube from 202.133.90.219 port 35442 ssh2
May 31 19:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: Connection closed by 202.133.90.219 port 35442 [preauth]
May 31 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26420]: pam_unix(cron:session): session closed for user root
May 31 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27765]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27763]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27764]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27761]: pam_unix(cron:session): session closed for user p13x
May 31 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27821]: Successful su for rubyman by root
May 31 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27821]: + ??? root:rubyman
May 31 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431054 of user rubyman.
May 31 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27821]: pam_unix(su:session): session closed for user rubyman
May 31 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431054.
May 31 19:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25243]: pam_unix(cron:session): session closed for user root
May 31 19:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27763]: pam_unix(cron:session): session closed for user samftp
May 31 19:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: Invalid user opsftp from 202.133.90.219
May 31 19:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: input_userauth_request: invalid user opsftp [preauth]
May 31 19:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: Failed password for invalid user opsftp from 202.133.90.219 port 45382 ssh2
May 31 19:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: Connection closed by 202.133.90.219 port 45382 [preauth]
May 31 19:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26927]: pam_unix(cron:session): session closed for user root
May 31 19:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.98.239  user=root
May 31 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28202]: Failed password for root from 94.159.98.239 port 40736 ssh2
May 31 19:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28202]: Connection closed by 94.159.98.239 port 40736 [preauth]
May 31 19:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: Invalid user debian from 185.156.73.233
May 31 19:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: input_userauth_request: invalid user debian [preauth]
May 31 19:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 19:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: Failed password for invalid user debian from 185.156.73.233 port 29154 ssh2
May 31 19:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: Connection closed by 185.156.73.233 port 29154 [preauth]
May 31 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28236]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28237]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28232]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28234]: pam_unix(cron:session): session closed for user p13x
May 31 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28337]: Successful su for rubyman by root
May 31 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28337]: + ??? root:rubyman
May 31 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431058 of user rubyman.
May 31 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28337]: pam_unix(su:session): session closed for user rubyman
May 31 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431058.
May 31 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28232]: pam_unix(cron:session): session closed for user root
May 31 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25630]: pam_unix(cron:session): session closed for user root
May 31 19:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28235]: pam_unix(cron:session): session closed for user samftp
May 31 19:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: Invalid user admin from 2.57.121.112
May 31 19:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: input_userauth_request: invalid user admin [preauth]
May 31 19:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 19:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: Failed password for invalid user admin from 2.57.121.112 port 61116 ssh2
May 31 19:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: Failed password for invalid user admin from 2.57.121.112 port 61116 ssh2
May 31 19:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: Failed password for invalid user admin from 2.57.121.112 port 61116 ssh2
May 31 19:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: Failed password for invalid user admin from 2.57.121.112 port 61116 ssh2
May 31 19:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: Failed password for invalid user admin from 2.57.121.112 port 61116 ssh2
May 31 19:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: Received disconnect from 2.57.121.112 port 61116:11: Bye [preauth]
May 31 19:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: Disconnected from 2.57.121.112 port 61116 [preauth]
May 31 19:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 19:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 19:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: Invalid user openhabian from 202.133.90.219
May 31 19:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: input_userauth_request: invalid user openhabian [preauth]
May 31 19:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: Failed password for invalid user openhabian from 202.133.90.219 port 39836 ssh2
May 31 19:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: Connection closed by 202.133.90.219 port 39836 [preauth]
May 31 19:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28718]: Invalid user user from 125.20.210.182
May 31 19:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28718]: input_userauth_request: invalid user user [preauth]
May 31 19:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28718]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182
May 31 19:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27357]: pam_unix(cron:session): session closed for user root
May 31 19:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28718]: Failed password for invalid user user from 125.20.210.182 port 54840 ssh2
May 31 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28718]: Connection closed by 125.20.210.182 port 54840 [preauth]
May 31 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28817]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28814]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28816]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28815]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28817]: pam_unix(cron:session): session closed for user root
May 31 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28812]: pam_unix(cron:session): session closed for user p13x
May 31 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28877]: Successful su for rubyman by root
May 31 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28877]: + ??? root:rubyman
May 31 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431065 of user rubyman.
May 31 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28877]: pam_unix(su:session): session closed for user rubyman
May 31 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431065.
May 31 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28814]: pam_unix(cron:session): session closed for user root
May 31 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26022]: pam_unix(cron:session): session closed for user root
May 31 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28813]: pam_unix(cron:session): session closed for user samftp
May 31 19:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27765]: pam_unix(cron:session): session closed for user root
May 31 19:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: Invalid user nodejs from 202.133.90.219
May 31 19:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: input_userauth_request: invalid user nodejs [preauth]
May 31 19:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: Failed password for invalid user nodejs from 202.133.90.219 port 44542 ssh2
May 31 19:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: Connection closed by 202.133.90.219 port 44542 [preauth]
May 31 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29263]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29262]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29260]: pam_unix(cron:session): session closed for user p13x
May 31 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29333]: Successful su for rubyman by root
May 31 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29333]: + ??? root:rubyman
May 31 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29333]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431069 of user rubyman.
May 31 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29333]: pam_unix(su:session): session closed for user rubyman
May 31 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431069.
May 31 19:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26419]: pam_unix(cron:session): session closed for user root
May 31 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29261]: pam_unix(cron:session): session closed for user samftp
May 31 19:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28237]: pam_unix(cron:session): session closed for user root
May 31 19:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: User nobody from 202.133.90.219 not allowed because not listed in AllowUsers
May 31 19:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: input_userauth_request: invalid user nobody [preauth]
May 31 19:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=nobody
May 31 19:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: Failed password for invalid user nobody from 202.133.90.219 port 35938 ssh2
May 31 19:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: Connection closed by 202.133.90.219 port 35938 [preauth]
May 31 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29787]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29788]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29785]: pam_unix(cron:session): session closed for user p13x
May 31 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29858]: Successful su for rubyman by root
May 31 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29858]: + ??? root:rubyman
May 31 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29858]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431075 of user rubyman.
May 31 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29858]: pam_unix(su:session): session closed for user rubyman
May 31 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431075.
May 31 19:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26926]: pam_unix(cron:session): session closed for user root
May 31 19:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29786]: pam_unix(cron:session): session closed for user samftp
May 31 19:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28816]: pam_unix(cron:session): session closed for user root
May 31 19:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30212]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30213]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30209]: pam_unix(cron:session): session closed for user p13x
May 31 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30270]: Successful su for rubyman by root
May 31 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30270]: + ??? root:rubyman
May 31 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431077 of user rubyman.
May 31 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30270]: pam_unix(su:session): session closed for user rubyman
May 31 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431077.
May 31 19:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27356]: pam_unix(cron:session): session closed for user root
May 31 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: Invalid user n from 202.133.90.219
May 31 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: input_userauth_request: invalid user n [preauth]
May 31 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30210]: pam_unix(cron:session): session closed for user samftp
May 31 19:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: Failed password for invalid user n from 202.133.90.219 port 55606 ssh2
May 31 19:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: Connection closed by 202.133.90.219 port 55606 [preauth]
May 31 19:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.63.178  user=root
May 31 19:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: Failed password for root from 62.133.63.178 port 59878 ssh2
May 31 19:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: Connection closed by 62.133.63.178 port 59878 [preauth]
May 31 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29263]: pam_unix(cron:session): session closed for user root
May 31 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30636]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30637]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30634]: pam_unix(cron:session): session closed for user p13x
May 31 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30693]: Successful su for rubyman by root
May 31 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30693]: + ??? root:rubyman
May 31 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431082 of user rubyman.
May 31 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30693]: pam_unix(su:session): session closed for user rubyman
May 31 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431082.
May 31 19:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27764]: pam_unix(cron:session): session closed for user root
May 31 19:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30635]: pam_unix(cron:session): session closed for user samftp
May 31 19:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: Invalid user nexus from 202.133.90.219
May 31 19:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: input_userauth_request: invalid user nexus [preauth]
May 31 19:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: Failed password for invalid user nexus from 202.133.90.219 port 57894 ssh2
May 31 19:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: Connection closed by 202.133.90.219 port 57894 [preauth]
May 31 19:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31034]: Received disconnect from 210.210.155.71 port 46390:11: disconnected by user [preauth]
May 31 19:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31034]: Disconnected from 210.210.155.71 port 46390 [preauth]
May 31 19:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29788]: pam_unix(cron:session): session closed for user root
May 31 19:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
May 31 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: Failed password for root from 103.82.132.16 port 49194 ssh2
May 31 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31129]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31132]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31131]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31130]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31132]: pam_unix(cron:session): session closed for user root
May 31 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31127]: pam_unix(cron:session): session closed for user p13x
May 31 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: Connection closed by 103.82.132.16 port 49194 [preauth]
May 31 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31195]: Successful su for rubyman by root
May 31 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31195]: + ??? root:rubyman
May 31 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431087 of user rubyman.
May 31 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31195]: pam_unix(su:session): session closed for user rubyman
May 31 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431087.
May 31 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28236]: pam_unix(cron:session): session closed for user root
May 31 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31129]: pam_unix(cron:session): session closed for user root
May 31 19:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31128]: pam_unix(cron:session): session closed for user samftp
May 31 19:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31414]: Received disconnect from 74.48.69.130 port 48696:11: disconnected by user [preauth]
May 31 19:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31414]: Disconnected from 74.48.69.130 port 48696 [preauth]
May 31 19:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
May 31 19:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: Failed password for root from 194.113.233.25 port 51020 ssh2
May 31 19:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: Connection closed by 194.113.233.25 port 51020 [preauth]
May 31 19:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31441]: User mysql from 202.133.90.219 not allowed because not listed in AllowUsers
May 31 19:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31441]: input_userauth_request: invalid user mysql [preauth]
May 31 19:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=mysql
May 31 19:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31441]: Failed password for invalid user mysql from 202.133.90.219 port 59056 ssh2
May 31 19:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31441]: Connection closed by 202.133.90.219 port 59056 [preauth]
May 31 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30213]: pam_unix(cron:session): session closed for user root
May 31 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31663]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31662]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31660]: pam_unix(cron:session): session closed for user p13x
May 31 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31734]: Successful su for rubyman by root
May 31 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31734]: + ??? root:rubyman
May 31 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31734]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431091 of user rubyman.
May 31 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31734]: pam_unix(su:session): session closed for user rubyman
May 31 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431091.
May 31 19:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28815]: pam_unix(cron:session): session closed for user root
May 31 19:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31661]: pam_unix(cron:session): session closed for user samftp
May 31 19:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
May 31 19:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31922]: Failed password for root from 103.77.242.62 port 58552 ssh2
May 31 19:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31922]: Connection closed by 103.77.242.62 port 58552 [preauth]
May 31 19:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31981]: Invalid user mas from 202.133.90.219
May 31 19:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31981]: input_userauth_request: invalid user mas [preauth]
May 31 19:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31981]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31981]: Failed password for invalid user mas from 202.133.90.219 port 52334 ssh2
May 31 19:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31981]: Connection closed by 202.133.90.219 port 52334 [preauth]
May 31 19:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30637]: pam_unix(cron:session): session closed for user root
May 31 19:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 19:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32028]: Failed password for root from 125.20.210.182 port 56636 ssh2
May 31 19:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32028]: Connection closed by 125.20.210.182 port 56636 [preauth]
May 31 19:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.170.125  user=root
May 31 19:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: Failed password for root from 103.149.170.125 port 43590 ssh2
May 31 19:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: Connection closed by 103.149.170.125 port 43590 [preauth]
May 31 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32097]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32098]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32092]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32092]: pam_unix(cron:session): session closed for user root
May 31 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32095]: pam_unix(cron:session): session closed for user p13x
May 31 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32161]: Successful su for rubyman by root
May 31 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32161]: + ??? root:rubyman
May 31 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431097 of user rubyman.
May 31 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32161]: pam_unix(su:session): session closed for user rubyman
May 31 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431097.
May 31 19:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29262]: pam_unix(cron:session): session closed for user root
May 31 19:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32096]: pam_unix(cron:session): session closed for user samftp
May 31 19:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.82.76.2  user=root
May 31 19:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31131]: pam_unix(cron:session): session closed for user root
May 31 19:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: Failed password for root from 170.82.76.2 port 11825 ssh2
May 31 19:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: Connection closed by 170.82.76.2 port 11825 [preauth]
May 31 19:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: Invalid user leo from 202.133.90.219
May 31 19:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: input_userauth_request: invalid user leo [preauth]
May 31 19:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: Failed password for invalid user leo from 202.133.90.219 port 48406 ssh2
May 31 19:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: Connection closed by 202.133.90.219 port 48406 [preauth]
May 31 19:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
May 31 19:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: Failed password for root from 77.94.47.83 port 60182 ssh2
May 31 19:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: Connection closed by 77.94.47.83 port 60182 [preauth]
May 31 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32504]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32505]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32503]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32502]: pam_unix(cron:session): session closed for user p13x
May 31 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32564]: Successful su for rubyman by root
May 31 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32564]: + ??? root:rubyman
May 31 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431102 of user rubyman.
May 31 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32564]: pam_unix(su:session): session closed for user rubyman
May 31 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431102.
May 31 19:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29787]: pam_unix(cron:session): session closed for user root
May 31 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32503]: pam_unix(cron:session): session closed for user samftp
May 31 19:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: Invalid user student1 from 173.254.234.162
May 31 19:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: input_userauth_request: invalid user student1 [preauth]
May 31 19:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 19:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: Failed password for invalid user student1 from 173.254.234.162 port 37634 ssh2
May 31 19:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: Connection closed by 173.254.234.162 port 37634 [preauth]
May 31 19:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31663]: pam_unix(cron:session): session closed for user root
May 31 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
May 31 19:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[393]: Failed password for root from 46.19.67.181 port 51692 ssh2
May 31 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[393]: Connection closed by 46.19.67.181 port 51692 [preauth]
May 31 19:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[430]: Invalid user james from 202.133.90.219
May 31 19:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[430]: input_userauth_request: invalid user james [preauth]
May 31 19:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[430]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[430]: Failed password for invalid user james from 202.133.90.219 port 50826 ssh2
May 31 19:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[430]: Connection closed by 202.133.90.219 port 50826 [preauth]
May 31 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[597]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[599]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[600]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[595]: pam_unix(cron:session): session closed for user p13x
May 31 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[658]: Successful su for rubyman by root
May 31 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[658]: + ??? root:rubyman
May 31 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431106 of user rubyman.
May 31 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[658]: pam_unix(su:session): session closed for user rubyman
May 31 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431106.
May 31 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30212]: pam_unix(cron:session): session closed for user root
May 31 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[597]: pam_unix(cron:session): session closed for user samftp
May 31 19:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32098]: pam_unix(cron:session): session closed for user root
May 31 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
May 31 19:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[949]: Failed password for root from 80.66.85.226 port 44734 ssh2
May 31 19:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[949]: Connection closed by 80.66.85.226 port 44734 [preauth]
May 31 19:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1006]: Invalid user inspur from 202.133.90.219
May 31 19:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1006]: input_userauth_request: invalid user inspur [preauth]
May 31 19:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1006]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1024]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1023]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1019]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1024]: pam_unix(cron:session): session closed for user root
May 31 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1006]: Failed password for invalid user inspur from 202.133.90.219 port 40406 ssh2
May 31 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1018]: pam_unix(cron:session): session closed for user p13x
May 31 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1117]: Successful su for rubyman by root
May 31 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1117]: + ??? root:rubyman
May 31 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1117]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431110 of user rubyman.
May 31 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1117]: pam_unix(su:session): session closed for user rubyman
May 31 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431110.
May 31 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1006]: Connection closed by 202.133.90.219 port 40406 [preauth]
May 31 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: Received disconnect from 198.199.106.159 port 60192:11: disconnected by user [preauth]
May 31 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: Disconnected from 198.199.106.159 port 60192 [preauth]
May 31 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session closed for user root
May 31 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30636]: pam_unix(cron:session): session closed for user root
May 31 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1019]: pam_unix(cron:session): session closed for user samftp
May 31 19:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
May 31 19:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1279]: Failed password for root from 185.156.73.233 port 49950 ssh2
May 31 19:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1279]: Connection closed by 185.156.73.233 port 49950 [preauth]
May 31 19:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: Received disconnect from 46.55.211.4 port 50354:11: disconnected by user [preauth]
May 31 19:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: Disconnected from 46.55.211.4 port 50354 [preauth]
May 31 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32505]: pam_unix(cron:session): session closed for user root
May 31 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1620]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1622]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1618]: pam_unix(cron:session): session closed for user p13x
May 31 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1694]: Successful su for rubyman by root
May 31 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1694]: + ??? root:rubyman
May 31 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431114 of user rubyman.
May 31 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1694]: pam_unix(su:session): session closed for user rubyman
May 31 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431114.
May 31 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31130]: pam_unix(cron:session): session closed for user root
May 31 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1619]: pam_unix(cron:session): session closed for user samftp
May 31 19:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: Invalid user hadoop from 202.133.90.219
May 31 19:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: input_userauth_request: invalid user hadoop [preauth]
May 31 19:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: Failed password for invalid user hadoop from 202.133.90.219 port 49426 ssh2
May 31 19:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: Connection closed by 202.133.90.219 port 49426 [preauth]
May 31 19:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[600]: pam_unix(cron:session): session closed for user root
May 31 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2110]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2111]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2106]: pam_unix(cron:session): session closed for user p13x
May 31 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2181]: Successful su for rubyman by root
May 31 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2181]: + ??? root:rubyman
May 31 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431120 of user rubyman.
May 31 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2181]: pam_unix(su:session): session closed for user rubyman
May 31 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431120.
May 31 19:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31662]: pam_unix(cron:session): session closed for user root
May 31 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2107]: pam_unix(cron:session): session closed for user samftp
May 31 19:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 19:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Received disconnect from 185.255.100.198 port 37748:11: disconnected by user [preauth]
May 31 19:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Disconnected from 185.255.100.198 port 37748 [preauth]
May 31 19:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2403]: Invalid user guest from 202.133.90.219
May 31 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2403]: input_userauth_request: invalid user guest [preauth]
May 31 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2403]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2403]: Failed password for invalid user guest from 202.133.90.219 port 56950 ssh2
May 31 19:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2403]: Connection closed by 202.133.90.219 port 56950 [preauth]
May 31 19:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1023]: pam_unix(cron:session): session closed for user root
May 31 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2543]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2542]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2539]: pam_unix(cron:session): session closed for user p13x
May 31 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2613]: Successful su for rubyman by root
May 31 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2613]: + ??? root:rubyman
May 31 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431123 of user rubyman.
May 31 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2613]: pam_unix(su:session): session closed for user rubyman
May 31 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431123.
May 31 19:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32097]: pam_unix(cron:session): session closed for user root
May 31 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2540]: pam_unix(cron:session): session closed for user samftp
May 31 19:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
May 31 19:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: Invalid user gitlab-runner from 202.133.90.219
May 31 19:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: input_userauth_request: invalid user gitlab-runner [preauth]
May 31 19:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: Failed password for root from 103.77.175.15 port 36294 ssh2
May 31 19:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: Connection closed by 103.77.175.15 port 36294 [preauth]
May 31 19:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: Failed password for invalid user gitlab-runner from 202.133.90.219 port 49298 ssh2
May 31 19:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: Connection closed by 202.133.90.219 port 49298 [preauth]
May 31 19:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 19:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1622]: pam_unix(cron:session): session closed for user root
May 31 19:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: Failed password for root from 125.20.210.182 port 55452 ssh2
May 31 19:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: Connection closed by 125.20.210.182 port 55452 [preauth]
May 31 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2964]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2965]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2962]: pam_unix(cron:session): session closed for user p13x
May 31 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3025]: Successful su for rubyman by root
May 31 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3025]: + ??? root:rubyman
May 31 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431128 of user rubyman.
May 31 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3025]: pam_unix(su:session): session closed for user rubyman
May 31 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431128.
May 31 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32504]: pam_unix(cron:session): session closed for user root
May 31 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2963]: pam_unix(cron:session): session closed for user samftp
May 31 19:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
May 31 19:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: Failed password for root from 87.251.79.125 port 33468 ssh2
May 31 19:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: Connection closed by 87.251.79.125 port 33468 [preauth]
May 31 19:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: Invalid user git from 202.133.90.219
May 31 19:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: input_userauth_request: invalid user git [preauth]
May 31 19:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2111]: pam_unix(cron:session): session closed for user root
May 31 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: Failed password for invalid user git from 202.133.90.219 port 51756 ssh2
May 31 19:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: Connection closed by 202.133.90.219 port 51756 [preauth]
May 31 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3359]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3358]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3357]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3360]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3360]: pam_unix(cron:session): session closed for user root
May 31 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3355]: pam_unix(cron:session): session closed for user p13x
May 31 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3421]: Successful su for rubyman by root
May 31 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3421]: + ??? root:rubyman
May 31 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431130 of user rubyman.
May 31 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3421]: pam_unix(su:session): session closed for user rubyman
May 31 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431130.
May 31 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3357]: pam_unix(cron:session): session closed for user root
May 31 19:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[599]: pam_unix(cron:session): session closed for user root
May 31 19:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3356]: pam_unix(cron:session): session closed for user samftp
May 31 19:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2543]: pam_unix(cron:session): session closed for user root
May 31 19:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: Invalid user ftpuser from 202.133.90.219
May 31 19:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: input_userauth_request: invalid user ftpuser [preauth]
May 31 19:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: Failed password for invalid user ftpuser from 202.133.90.219 port 54748 ssh2
May 31 19:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: Connection closed by 202.133.90.219 port 54748 [preauth]
May 31 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3941]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3940]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3938]: pam_unix(cron:session): session closed for user p13x
May 31 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4054]: Successful su for rubyman by root
May 31 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4054]: + ??? root:rubyman
May 31 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431137 of user rubyman.
May 31 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4054]: pam_unix(su:session): session closed for user rubyman
May 31 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431137.
May 31 19:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session closed for user root
May 31 19:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3939]: pam_unix(cron:session): session closed for user samftp
May 31 19:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2965]: pam_unix(cron:session): session closed for user root
May 31 19:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4366]: Invalid user ftptest from 202.133.90.219
May 31 19:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4366]: input_userauth_request: invalid user ftptest [preauth]
May 31 19:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4366]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4366]: Failed password for invalid user ftptest from 202.133.90.219 port 48440 ssh2
May 31 19:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4366]: Connection closed by 202.133.90.219 port 48440 [preauth]
May 31 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4396]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4393]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4395]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4393]: pam_unix(cron:session): session closed for user p13x
May 31 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4453]: Successful su for rubyman by root
May 31 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4453]: + ??? root:rubyman
May 31 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431140 of user rubyman.
May 31 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4453]: pam_unix(su:session): session closed for user rubyman
May 31 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431140.
May 31 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1620]: pam_unix(cron:session): session closed for user root
May 31 19:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4394]: pam_unix(cron:session): session closed for user samftp
May 31 19:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4650]: Invalid user symantec from 67.207.84.8
May 31 19:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4650]: input_userauth_request: invalid user symantec [preauth]
May 31 19:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4650]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.207.84.8
May 31 19:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4650]: Failed password for invalid user symantec from 67.207.84.8 port 47218 ssh2
May 31 19:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4650]: Connection closed by 67.207.84.8 port 47218 [preauth]
May 31 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3359]: pam_unix(cron:session): session closed for user root
May 31 19:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4791]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4793]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4785]: pam_unix(cron:session): session closed for user p13x
May 31 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4855]: Successful su for rubyman by root
May 31 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4855]: + ??? root:rubyman
May 31 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431144 of user rubyman.
May 31 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4855]: pam_unix(su:session): session closed for user rubyman
May 31 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431144.
May 31 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4782]: Invalid user fff from 202.133.90.219
May 31 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4782]: input_userauth_request: invalid user fff [preauth]
May 31 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4782]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4782]: Failed password for invalid user fff from 202.133.90.219 port 60802 ssh2
May 31 19:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4782]: Connection closed by 202.133.90.219 port 60802 [preauth]
May 31 19:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2110]: pam_unix(cron:session): session closed for user root
May 31 19:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4787]: pam_unix(cron:session): session closed for user samftp
May 31 19:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3941]: pam_unix(cron:session): session closed for user root
May 31 19:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.100  user=root
May 31 19:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5172]: Failed password for root from 193.24.211.100 port 53535 ssh2
May 31 19:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5172]: Received disconnect from 193.24.211.100 port 53535:11: Client disconnecting normally [preauth]
May 31 19:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5172]: Disconnected from 193.24.211.100 port 53535 [preauth]
May 31 19:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.228.128.84  user=root
May 31 19:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5182]: Failed password for root from 193.228.128.84 port 53128 ssh2
May 31 19:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5182]: Connection closed by 193.228.128.84 port 53128 [preauth]
May 31 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5204]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5203]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5201]: pam_unix(cron:session): session closed for user p13x
May 31 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5263]: Successful su for rubyman by root
May 31 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5263]: + ??? root:rubyman
May 31 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431148 of user rubyman.
May 31 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5263]: pam_unix(su:session): session closed for user rubyman
May 31 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431148.
May 31 19:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2542]: pam_unix(cron:session): session closed for user root
May 31 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5202]: pam_unix(cron:session): session closed for user samftp
May 31 19:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5427]: Invalid user elasticsearch from 202.133.90.219
May 31 19:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5427]: input_userauth_request: invalid user elasticsearch [preauth]
May 31 19:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5427]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5427]: Failed password for invalid user elasticsearch from 202.133.90.219 port 59798 ssh2
May 31 19:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5427]: Connection closed by 202.133.90.219 port 59798 [preauth]
May 31 19:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
May 31 19:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4396]: pam_unix(cron:session): session closed for user root
May 31 19:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: Failed password for root from 103.27.238.114 port 49932 ssh2
May 31 19:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: Connection closed by 103.27.238.114 port 49932 [preauth]
May 31 19:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.172.54.111  user=root
May 31 19:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: Failed password for root from 109.172.54.111 port 53068 ssh2
May 31 19:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: Connection closed by 109.172.54.111 port 53068 [preauth]
May 31 19:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: Invalid user admin from 125.20.210.182
May 31 19:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: input_userauth_request: invalid user admin [preauth]
May 31 19:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182
May 31 19:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: Failed password for invalid user admin from 125.20.210.182 port 54244 ssh2
May 31 19:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: Connection closed by 125.20.210.182 port 54244 [preauth]
May 31 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5610]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5609]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5607]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5608]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5610]: pam_unix(cron:session): session closed for user root
May 31 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5605]: pam_unix(cron:session): session closed for user p13x
May 31 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5669]: Successful su for rubyman by root
May 31 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5669]: + ??? root:rubyman
May 31 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431153 of user rubyman.
May 31 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5669]: pam_unix(su:session): session closed for user rubyman
May 31 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431153.
May 31 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2964]: pam_unix(cron:session): session closed for user root
May 31 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5607]: pam_unix(cron:session): session closed for user root
May 31 19:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5606]: pam_unix(cron:session): session closed for user samftp
May 31 19:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Invalid user ec2-user from 202.133.90.219
May 31 19:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: input_userauth_request: invalid user ec2-user [preauth]
May 31 19:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Failed password for invalid user ec2-user from 202.133.90.219 port 47860 ssh2
May 31 19:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Connection closed by 202.133.90.219 port 47860 [preauth]
May 31 19:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4793]: pam_unix(cron:session): session closed for user root
May 31 19:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: Connection closed by 194.59.206.2 port 36916 [preauth]
May 31 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6024]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6023]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6021]: pam_unix(cron:session): session closed for user p13x
May 31 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6087]: Successful su for rubyman by root
May 31 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6087]: + ??? root:rubyman
May 31 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6087]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431160 of user rubyman.
May 31 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6087]: pam_unix(su:session): session closed for user rubyman
May 31 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431160.
May 31 19:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: Invalid user dev from 168.220.237.171
May 31 19:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: input_userauth_request: invalid user dev [preauth]
May 31 19:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.220.237.171
May 31 19:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3358]: pam_unix(cron:session): session closed for user root
May 31 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: Failed password for invalid user dev from 168.220.237.171 port 46238 ssh2
May 31 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: Connection closed by 168.220.237.171 port 46238 [preauth]
May 31 19:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6022]: pam_unix(cron:session): session closed for user samftp
May 31 19:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6281]: Invalid user carlos from 185.156.73.233
May 31 19:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6281]: input_userauth_request: invalid user carlos [preauth]
May 31 19:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6281]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 19:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6281]: Failed password for invalid user carlos from 185.156.73.233 port 20306 ssh2
May 31 19:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6281]: Connection closed by 185.156.73.233 port 20306 [preauth]
May 31 19:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Invalid user devuser from 202.133.90.219
May 31 19:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: input_userauth_request: invalid user devuser [preauth]
May 31 19:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: Received disconnect from 184.154.157.176 port 59782:11: disconnected by user [preauth]
May 31 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: Disconnected from 184.154.157.176 port 59782 [preauth]
May 31 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Failed password for invalid user devuser from 202.133.90.219 port 39918 ssh2
May 31 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5204]: pam_unix(cron:session): session closed for user root
May 31 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Connection closed by 202.133.90.219 port 39918 [preauth]
May 31 19:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Received disconnect from 104.243.46.222 port 40956:11: disconnected by user [preauth]
May 31 19:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Disconnected from 104.243.46.222 port 40956 [preauth]
May 31 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6425]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6424]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6422]: pam_unix(cron:session): session closed for user p13x
May 31 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6480]: Successful su for rubyman by root
May 31 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6480]: + ??? root:rubyman
May 31 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431163 of user rubyman.
May 31 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6480]: pam_unix(su:session): session closed for user rubyman
May 31 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431163.
May 31 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3940]: pam_unix(cron:session): session closed for user root
May 31 19:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6423]: pam_unix(cron:session): session closed for user samftp
May 31 19:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5609]: pam_unix(cron:session): session closed for user root
May 31 19:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: Invalid user dev from 202.133.90.219
May 31 19:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: input_userauth_request: invalid user dev [preauth]
May 31 19:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: Failed password for invalid user dev from 202.133.90.219 port 59268 ssh2
May 31 19:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: Connection closed by 202.133.90.219 port 59268 [preauth]
May 31 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6824]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6825]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6822]: pam_unix(cron:session): session closed for user p13x
May 31 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6883]: Successful su for rubyman by root
May 31 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6883]: + ??? root:rubyman
May 31 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431166 of user rubyman.
May 31 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6883]: pam_unix(su:session): session closed for user rubyman
May 31 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431166.
May 31 19:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4395]: pam_unix(cron:session): session closed for user root
May 31 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6823]: pam_unix(cron:session): session closed for user samftp
May 31 19:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6024]: pam_unix(cron:session): session closed for user root
May 31 19:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: Invalid user deploy from 202.133.90.219
May 31 19:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: input_userauth_request: invalid user deploy [preauth]
May 31 19:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: Failed password for invalid user deploy from 202.133.90.219 port 36656 ssh2
May 31 19:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: Connection closed by 202.133.90.219 port 36656 [preauth]
May 31 19:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
May 31 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7321]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7322]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7317]: pam_unix(cron:session): session closed for user p13x
May 31 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7382]: Successful su for rubyman by root
May 31 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7382]: + ??? root:rubyman
May 31 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431171 of user rubyman.
May 31 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7382]: pam_unix(su:session): session closed for user rubyman
May 31 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431171.
May 31 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: Failed password for root from 62.133.62.83 port 56380 ssh2
May 31 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: Connection closed by 62.133.62.83 port 56380 [preauth]
May 31 19:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4791]: pam_unix(cron:session): session closed for user root
May 31 19:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7319]: pam_unix(cron:session): session closed for user samftp
May 31 19:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.236.22.41  user=root
May 31 19:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7632]: Failed password for root from 185.236.22.41 port 36626 ssh2
May 31 19:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7632]: Connection closed by 185.236.22.41 port 36626 [preauth]
May 31 19:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6425]: pam_unix(cron:session): session closed for user root
May 31 19:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
May 31 19:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7756]: Failed password for root from 37.233.85.71 port 59202 ssh2
May 31 19:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7756]: Connection closed by 37.233.85.71 port 59202 [preauth]
May 31 19:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: Invalid user deployer from 202.133.90.219
May 31 19:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: input_userauth_request: invalid user deployer [preauth]
May 31 19:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: Failed password for invalid user deployer from 202.133.90.219 port 47980 ssh2
May 31 19:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: Connection closed by 202.133.90.219 port 47980 [preauth]
May 31 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7818]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7819]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7816]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7817]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7814]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7815]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7819]: pam_unix(cron:session): session closed for user root
May 31 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7814]: pam_unix(cron:session): session closed for user p13x
May 31 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7878]: Successful su for rubyman by root
May 31 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7878]: + ??? root:rubyman
May 31 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7878]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431174 of user rubyman.
May 31 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7878]: pam_unix(su:session): session closed for user rubyman
May 31 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431174.
May 31 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7816]: pam_unix(cron:session): session closed for user root
May 31 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5203]: pam_unix(cron:session): session closed for user root
May 31 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
May 31 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
May 31 19:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7815]: pam_unix(cron:session): session closed for user samftp
May 31 19:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: Failed password for root from 103.27.238.120 port 50564 ssh2
May 31 19:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: Failed password for root from 103.27.238.116 port 40762 ssh2
May 31 19:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: Connection closed by 103.27.238.120 port 50564 [preauth]
May 31 19:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: Connection closed by 103.27.238.116 port 40762 [preauth]
May 31 19:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6825]: pam_unix(cron:session): session closed for user root
May 31 19:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
May 31 19:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: Failed password for root from 193.37.70.224 port 47614 ssh2
May 31 19:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: Connection closed by 193.37.70.224 port 47614 [preauth]
May 31 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8243]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8242]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8240]: pam_unix(cron:session): session closed for user p13x
May 31 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8304]: Successful su for rubyman by root
May 31 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8304]: + ??? root:rubyman
May 31 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431180 of user rubyman.
May 31 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8304]: pam_unix(su:session): session closed for user rubyman
May 31 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431180.
May 31 19:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5608]: pam_unix(cron:session): session closed for user root
May 31 19:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8241]: pam_unix(cron:session): session closed for user samftp
May 31 19:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8461]: Invalid user demo from 202.133.90.219
May 31 19:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8461]: input_userauth_request: invalid user demo [preauth]
May 31 19:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8461]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8461]: Failed password for invalid user demo from 202.133.90.219 port 41644 ssh2
May 31 19:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8461]: Connection closed by 202.133.90.219 port 41644 [preauth]
May 31 19:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8520]: Received disconnect from 91.98.80.4 port 45094:11: disconnected by user [preauth]
May 31 19:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8520]: Disconnected from 91.98.80.4 port 45094 [preauth]
May 31 19:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7322]: pam_unix(cron:session): session closed for user root
May 31 19:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 19:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: Failed password for root from 125.20.210.182 port 47630 ssh2
May 31 19:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: Connection closed by 125.20.210.182 port 47630 [preauth]
May 31 19:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.108.118.91  user=root
May 31 19:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: Failed password for root from 89.108.118.91 port 43358 ssh2
May 31 19:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: Connection closed by 89.108.118.91 port 43358 [preauth]
May 31 19:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8633]: Received disconnect from 142.44.247.134 port 43764:11: disconnected by user [preauth]
May 31 19:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8633]: Disconnected from 142.44.247.134 port 43764 [preauth]
May 31 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8648]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8649]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8646]: pam_unix(cron:session): session closed for user p13x
May 31 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8705]: Successful su for rubyman by root
May 31 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8705]: + ??? root:rubyman
May 31 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431185 of user rubyman.
May 31 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8705]: pam_unix(su:session): session closed for user rubyman
May 31 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431185.
May 31 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6023]: pam_unix(cron:session): session closed for user root
May 31 19:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8647]: pam_unix(cron:session): session closed for user samftp
May 31 19:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Invalid user debian from 202.133.90.219
May 31 19:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: input_userauth_request: invalid user debian [preauth]
May 31 19:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Failed password for invalid user debian from 202.133.90.219 port 45154 ssh2
May 31 19:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Connection closed by 202.133.90.219 port 45154 [preauth]
May 31 19:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7818]: pam_unix(cron:session): session closed for user root
May 31 19:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
May 31 19:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9023]: Failed password for root from 51.250.105.222 port 60362 ssh2
May 31 19:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9023]: Connection closed by 51.250.105.222 port 60362 [preauth]
May 31 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9047]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9046]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9044]: pam_unix(cron:session): session closed for user p13x
May 31 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9110]: Successful su for rubyman by root
May 31 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9110]: + ??? root:rubyman
May 31 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431188 of user rubyman.
May 31 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9110]: pam_unix(su:session): session closed for user rubyman
May 31 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431188.
May 31 19:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6424]: pam_unix(cron:session): session closed for user root
May 31 19:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9045]: pam_unix(cron:session): session closed for user samftp
May 31 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
May 31 19:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9295]: Failed password for root from 103.153.68.219 port 60336 ssh2
May 31 19:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9295]: Connection closed by 103.153.68.219 port 60336 [preauth]
May 31 19:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: Invalid user panotitis from 173.254.234.162
May 31 19:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: input_userauth_request: invalid user panotitis [preauth]
May 31 19:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.254.234.162
May 31 19:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: Failed password for invalid user panotitis from 173.254.234.162 port 45362 ssh2
May 31 19:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: Connection closed by 173.254.234.162 port 45362 [preauth]
May 31 19:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9350]: Invalid user debian from 202.133.90.219
May 31 19:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9350]: input_userauth_request: invalid user debian [preauth]
May 31 19:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9350]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9350]: Failed password for invalid user debian from 202.133.90.219 port 60916 ssh2
May 31 19:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9350]: Connection closed by 202.133.90.219 port 60916 [preauth]
May 31 19:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8243]: pam_unix(cron:session): session closed for user root
May 31 19:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: Received disconnect from 46.62.239.90 port 40586:11: disconnected by user [preauth]
May 31 19:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: Disconnected from 46.62.239.90 port 40586 [preauth]
May 31 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9449]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9450]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9445]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9447]: pam_unix(cron:session): session closed for user p13x
May 31 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9555]: Successful su for rubyman by root
May 31 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9555]: + ??? root:rubyman
May 31 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431192 of user rubyman.
May 31 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9555]: pam_unix(su:session): session closed for user rubyman
May 31 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431192.
May 31 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9445]: pam_unix(cron:session): session closed for user root
May 31 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6824]: pam_unix(cron:session): session closed for user root
May 31 19:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9448]: pam_unix(cron:session): session closed for user samftp
May 31 19:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8649]: pam_unix(cron:session): session closed for user root
May 31 19:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9868]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 19:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9868]: Received disconnect from 91.208.197.64 port 34804:11: disconnected by user [preauth]
May 31 19:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9868]: Disconnected from 91.208.197.64 port 34804 [preauth]
May 31 19:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Invalid user debian from 202.133.90.219
May 31 19:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: input_userauth_request: invalid user debian [preauth]
May 31 19:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Failed password for invalid user debian from 202.133.90.219 port 41266 ssh2
May 31 19:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Connection closed by 202.133.90.219 port 41266 [preauth]
May 31 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10106]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10105]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10104]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10103]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10108]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10107]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10108]: pam_unix(cron:session): session closed for user root
May 31 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10103]: pam_unix(cron:session): session closed for user p13x
May 31 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10172]: Successful su for rubyman by root
May 31 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10172]: + ??? root:rubyman
May 31 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10172]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431202 of user rubyman.
May 31 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10172]: pam_unix(su:session): session closed for user rubyman
May 31 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431202.
May 31 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10105]: pam_unix(cron:session): session closed for user root
May 31 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7321]: pam_unix(cron:session): session closed for user root
May 31 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10104]: pam_unix(cron:session): session closed for user samftp
May 31 19:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 19:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10483]: Failed password for root from 38.93.206.2 port 48840 ssh2
May 31 19:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10483]: Connection closed by 38.93.206.2 port 48840 [preauth]
May 31 19:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9047]: pam_unix(cron:session): session closed for user root
May 31 19:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: Invalid user debian from 202.133.90.219
May 31 19:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: input_userauth_request: invalid user debian [preauth]
May 31 19:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: Failed password for invalid user debian from 202.133.90.219 port 48614 ssh2
May 31 19:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: Connection closed by 202.133.90.219 port 48614 [preauth]
May 31 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10634]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10635]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10632]: pam_unix(cron:session): session closed for user p13x
May 31 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10709]: Successful su for rubyman by root
May 31 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10709]: + ??? root:rubyman
May 31 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431203 of user rubyman.
May 31 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10709]: pam_unix(su:session): session closed for user rubyman
May 31 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431203.
May 31 19:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7817]: pam_unix(cron:session): session closed for user root
May 31 19:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10633]: pam_unix(cron:session): session closed for user samftp
May 31 19:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9450]: pam_unix(cron:session): session closed for user root
May 31 19:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11013]: Invalid user 1111 from 80.94.95.115
May 31 19:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11013]: input_userauth_request: invalid user 1111 [preauth]
May 31 19:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11013]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May 31 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11013]: Failed password for invalid user 1111 from 80.94.95.115 port 25572 ssh2
May 31 19:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11013]: Connection closed by 80.94.95.115 port 25572 [preauth]
May 31 19:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11056]: Invalid user c2 from 202.133.90.219
May 31 19:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11056]: input_userauth_request: invalid user c2 [preauth]
May 31 19:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11056]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11071]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11072]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11070]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11069]: pam_unix(cron:session): session closed for user p13x
May 31 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11133]: Successful su for rubyman by root
May 31 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11133]: + ??? root:rubyman
May 31 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431208 of user rubyman.
May 31 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11133]: pam_unix(su:session): session closed for user rubyman
May 31 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431208.
May 31 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11056]: Failed password for invalid user c2 from 202.133.90.219 port 47006 ssh2
May 31 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11056]: Connection closed by 202.133.90.219 port 47006 [preauth]
May 31 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8242]: pam_unix(cron:session): session closed for user root
May 31 19:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11070]: pam_unix(cron:session): session closed for user samftp
May 31 19:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10107]: pam_unix(cron:session): session closed for user root
May 31 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
May 31 19:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11431]: Failed password for root from 103.149.28.157 port 38902 ssh2
May 31 19:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11431]: Connection closed by 103.149.28.157 port 38902 [preauth]
May 31 19:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: Received disconnect from 51.68.103.106 port 43850:11: disconnected by user [preauth]
May 31 19:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: Disconnected from 51.68.103.106 port 43850 [preauth]
May 31 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11499]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11500]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11497]: pam_unix(cron:session): session closed for user p13x
May 31 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11554]: Successful su for rubyman by root
May 31 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11554]: + ??? root:rubyman
May 31 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431211 of user rubyman.
May 31 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11554]: pam_unix(su:session): session closed for user rubyman
May 31 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431211.
May 31 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: Received disconnect from 78.111.67.246 port 47018:11: disconnected by user [preauth]
May 31 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: Disconnected from 78.111.67.246 port 47018 [preauth]
May 31 19:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8648]: pam_unix(cron:session): session closed for user root
May 31 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11498]: pam_unix(cron:session): session closed for user samftp
May 31 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: Invalid user bs from 202.133.90.219
May 31 19:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: input_userauth_request: invalid user bs [preauth]
May 31 19:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: Failed password for invalid user bs from 202.133.90.219 port 55294 ssh2
May 31 19:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: Connection closed by 202.133.90.219 port 55294 [preauth]
May 31 19:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10635]: pam_unix(cron:session): session closed for user root
May 31 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11762]: Failed password for root from 125.20.210.182 port 41810 ssh2
May 31 19:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11762]: Connection closed by 125.20.210.182 port 41810 [preauth]
May 31 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11961]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11962]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11959]: pam_unix(cron:session): session closed for user p13x
May 31 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12020]: Successful su for rubyman by root
May 31 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12020]: + ??? root:rubyman
May 31 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12020]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431215 of user rubyman.
May 31 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12020]: pam_unix(su:session): session closed for user rubyman
May 31 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431215.
May 31 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9046]: pam_unix(cron:session): session closed for user root
May 31 19:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11960]: pam_unix(cron:session): session closed for user samftp
May 31 19:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: Invalid user bot from 202.133.90.219
May 31 19:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: input_userauth_request: invalid user bot [preauth]
May 31 19:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: Failed password for invalid user bot from 202.133.90.219 port 45820 ssh2
May 31 19:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: Connection closed by 202.133.90.219 port 45820 [preauth]
May 31 19:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11072]: pam_unix(cron:session): session closed for user root
May 31 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12422]: Bad protocol version identification '\026\003\001' from 45.33.14.197 port 42349
May 31 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12481]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12478]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12480]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12479]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12481]: pam_unix(cron:session): session closed for user root
May 31 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12476]: pam_unix(cron:session): session closed for user p13x
May 31 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12543]: Successful su for rubyman by root
May 31 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12543]: + ??? root:rubyman
May 31 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431223 of user rubyman.
May 31 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12543]: pam_unix(su:session): session closed for user rubyman
May 31 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431223.
May 31 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12478]: pam_unix(cron:session): session closed for user root
May 31 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9449]: pam_unix(cron:session): session closed for user root
May 31 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12477]: pam_unix(cron:session): session closed for user samftp
May 31 19:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12790]: Invalid user boss from 202.133.90.219
May 31 19:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12790]: input_userauth_request: invalid user boss [preauth]
May 31 19:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12790]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12790]: Failed password for invalid user boss from 202.133.90.219 port 55436 ssh2
May 31 19:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12790]: Connection closed by 202.133.90.219 port 55436 [preauth]
May 31 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11500]: pam_unix(cron:session): session closed for user root
May 31 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12921]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12920]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12918]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12918]: pam_unix(cron:session): session closed for user p13x
May 31 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12983]: Successful su for rubyman by root
May 31 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12983]: + ??? root:rubyman
May 31 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431226 of user rubyman.
May 31 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12983]: pam_unix(su:session): session closed for user rubyman
May 31 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431226.
May 31 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10106]: pam_unix(cron:session): session closed for user root
May 31 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12919]: pam_unix(cron:session): session closed for user samftp
May 31 19:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.197.250  user=root
May 31 19:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: Failed password for root from 147.45.197.250 port 56508 ssh2
May 31 19:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: Connection closed by 147.45.197.250 port 56508 [preauth]
May 31 19:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: Invalid user admin from 202.133.90.219
May 31 19:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: input_userauth_request: invalid user admin [preauth]
May 31 19:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11962]: pam_unix(cron:session): session closed for user root
May 31 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: Failed password for invalid user admin from 202.133.90.219 port 37110 ssh2
May 31 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: Connection closed by 202.133.90.219 port 37110 [preauth]
May 31 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13342]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13341]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13339]: pam_unix(cron:session): session closed for user p13x
May 31 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13400]: Successful su for rubyman by root
May 31 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13400]: + ??? root:rubyman
May 31 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431230 of user rubyman.
May 31 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13400]: pam_unix(su:session): session closed for user rubyman
May 31 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431230.
May 31 19:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10634]: pam_unix(cron:session): session closed for user root
May 31 19:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13340]: pam_unix(cron:session): session closed for user samftp
May 31 19:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12480]: pam_unix(cron:session): session closed for user root
May 31 19:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: Invalid user admin from 202.133.90.219
May 31 19:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: input_userauth_request: invalid user admin [preauth]
May 31 19:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: Failed password for invalid user admin from 202.133.90.219 port 47204 ssh2
May 31 19:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: Connection closed by 202.133.90.219 port 47204 [preauth]
May 31 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13722]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13723]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13720]: pam_unix(cron:session): session closed for user p13x
May 31 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13790]: Successful su for rubyman by root
May 31 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13790]: + ??? root:rubyman
May 31 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431233 of user rubyman.
May 31 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13790]: pam_unix(su:session): session closed for user rubyman
May 31 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431233.
May 31 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11071]: pam_unix(cron:session): session closed for user root
May 31 19:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13721]: pam_unix(cron:session): session closed for user samftp
May 31 19:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
May 31 19:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: Failed password for root from 109.237.96.109 port 46534 ssh2
May 31 19:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: Connection closed by 109.237.96.109 port 46534 [preauth]
May 31 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12921]: pam_unix(cron:session): session closed for user root
May 31 19:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14100]: Invalid user admin from 202.133.90.219
May 31 19:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14100]: input_userauth_request: invalid user admin [preauth]
May 31 19:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14100]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14100]: Failed password for invalid user admin from 202.133.90.219 port 49466 ssh2
May 31 19:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14100]: Connection closed by 202.133.90.219 port 49466 [preauth]
May 31 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14125]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14124]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14122]: pam_unix(cron:session): session closed for user p13x
May 31 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14185]: Successful su for rubyman by root
May 31 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14185]: + ??? root:rubyman
May 31 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431237 of user rubyman.
May 31 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14185]: pam_unix(su:session): session closed for user rubyman
May 31 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431237.
May 31 19:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11499]: pam_unix(cron:session): session closed for user root
May 31 19:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14123]: pam_unix(cron:session): session closed for user samftp
May 31 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13342]: pam_unix(cron:session): session closed for user root
May 31 19:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: Invalid user postgres from 125.20.210.182
May 31 19:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: input_userauth_request: invalid user postgres [preauth]
May 31 19:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182
May 31 19:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: Failed password for invalid user postgres from 125.20.210.182 port 45770 ssh2
May 31 19:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: Connection closed by 125.20.210.182 port 45770 [preauth]
May 31 19:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: Invalid user admin from 202.133.90.219
May 31 19:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: input_userauth_request: invalid user admin [preauth]
May 31 19:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14515]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14514]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14513]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14512]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14515]: pam_unix(cron:session): session closed for user root
May 31 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: Failed password for invalid user admin from 202.133.90.219 port 48382 ssh2
May 31 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14510]: pam_unix(cron:session): session closed for user p13x
May 31 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14576]: Successful su for rubyman by root
May 31 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14576]: + ??? root:rubyman
May 31 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431242 of user rubyman.
May 31 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14576]: pam_unix(su:session): session closed for user rubyman
May 31 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431242.
May 31 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: Connection closed by 202.133.90.219 port 48382 [preauth]
May 31 19:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11961]: pam_unix(cron:session): session closed for user root
May 31 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14512]: pam_unix(cron:session): session closed for user root
May 31 19:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14511]: pam_unix(cron:session): session closed for user samftp
May 31 19:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13723]: pam_unix(cron:session): session closed for user root
May 31 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15024]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15025]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15023]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15022]: pam_unix(cron:session): session closed for user p13x
May 31 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15090]: Successful su for rubyman by root
May 31 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15090]: + ??? root:rubyman
May 31 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431248 of user rubyman.
May 31 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15090]: pam_unix(su:session): session closed for user rubyman
May 31 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431248.
May 31 19:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12479]: pam_unix(cron:session): session closed for user root
May 31 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15023]: pam_unix(cron:session): session closed for user samftp
May 31 19:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: Invalid user alessia from 213.209.159.56
May 31 19:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: input_userauth_request: invalid user alessia [preauth]
May 31 19:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 19:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: Failed password for invalid user alessia from 213.209.159.56 port 7843 ssh2
May 31 19:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: Failed password for invalid user alessia from 213.209.159.56 port 7843 ssh2
May 31 19:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: Failed password for invalid user alessia from 213.209.159.56 port 7843 ssh2
May 31 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: Invalid user abc from 202.133.90.219
May 31 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: input_userauth_request: invalid user abc [preauth]
May 31 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: Failed password for invalid user alessia from 213.209.159.56 port 7843 ssh2
May 31 19:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: Failed password for invalid user abc from 202.133.90.219 port 36494 ssh2
May 31 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: Connection closed by 202.133.90.219 port 36494 [preauth]
May 31 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: Failed password for invalid user alessia from 213.209.159.56 port 7843 ssh2
May 31 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: Received disconnect from 213.209.159.56 port 7843:11: Bye [preauth]
May 31 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: Disconnected from 213.209.159.56 port 7843 [preauth]
May 31 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.159.56
May 31 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 19:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14125]: pam_unix(cron:session): session closed for user root
May 31 19:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Invalid user nutanix from 185.156.73.233
May 31 19:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: input_userauth_request: invalid user nutanix [preauth]
May 31 19:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15434]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15435]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15432]: pam_unix(cron:session): session closed for user p13x
May 31 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Failed password for invalid user nutanix from 185.156.73.233 port 42198 ssh2
May 31 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Connection closed by 185.156.73.233 port 42198 [preauth]
May 31 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15490]: Successful su for rubyman by root
May 31 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15490]: + ??? root:rubyman
May 31 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431253 of user rubyman.
May 31 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15490]: pam_unix(su:session): session closed for user rubyman
May 31 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431253.
May 31 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12920]: pam_unix(cron:session): session closed for user root
May 31 19:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15433]: pam_unix(cron:session): session closed for user samftp
May 31 19:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: Invalid user abc from 202.133.90.219
May 31 19:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: input_userauth_request: invalid user abc [preauth]
May 31 19:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: Failed password for invalid user abc from 202.133.90.219 port 47972 ssh2
May 31 19:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: Connection closed by 202.133.90.219 port 47972 [preauth]
May 31 19:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14514]: pam_unix(cron:session): session closed for user root
May 31 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15817]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15818]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15815]: pam_unix(cron:session): session closed for user p13x
May 31 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15874]: Successful su for rubyman by root
May 31 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15874]: + ??? root:rubyman
May 31 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15874]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431257 of user rubyman.
May 31 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15874]: pam_unix(su:session): session closed for user rubyman
May 31 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431257.
May 31 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13341]: pam_unix(cron:session): session closed for user root
May 31 19:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15816]: pam_unix(cron:session): session closed for user samftp
May 31 19:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15025]: pam_unix(cron:session): session closed for user root
May 31 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16117]: Invalid user aaron from 202.133.90.219
May 31 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16117]: input_userauth_request: invalid user aaron [preauth]
May 31 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16117]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16117]: Failed password for invalid user aaron from 202.133.90.219 port 33884 ssh2
May 31 19:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16117]: Connection closed by 202.133.90.219 port 33884 [preauth]
May 31 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16209]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16210]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16208]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16207]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16207]: pam_unix(cron:session): session closed for user p13x
May 31 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16265]: Successful su for rubyman by root
May 31 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16265]: + ??? root:rubyman
May 31 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431260 of user rubyman.
May 31 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16265]: pam_unix(su:session): session closed for user rubyman
May 31 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431260.
May 31 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13722]: pam_unix(cron:session): session closed for user root
May 31 19:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16208]: pam_unix(cron:session): session closed for user samftp
May 31 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15435]: pam_unix(cron:session): session closed for user root
May 31 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
May 31 19:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: Invalid user 123 from 202.133.90.219
May 31 19:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: input_userauth_request: invalid user 123 [preauth]
May 31 19:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16535]: Failed password for root from 103.82.20.28 port 47608 ssh2
May 31 19:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16535]: Connection closed by 103.82.20.28 port 47608 [preauth]
May 31 19:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: Failed password for invalid user 123 from 202.133.90.219 port 53804 ssh2
May 31 19:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: Connection closed by 202.133.90.219 port 53804 [preauth]
May 31 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
May 31 19:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16582]: Failed password for root from 103.176.20.57 port 34222 ssh2
May 31 19:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16582]: Connection closed by 103.176.20.57 port 34222 [preauth]
May 31 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16595]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16597]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16596]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16598]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16598]: pam_unix(cron:session): session closed for user root
May 31 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16593]: pam_unix(cron:session): session closed for user p13x
May 31 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16663]: Successful su for rubyman by root
May 31 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16663]: + ??? root:rubyman
May 31 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431264 of user rubyman.
May 31 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16663]: pam_unix(su:session): session closed for user rubyman
May 31 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431264.
May 31 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14124]: pam_unix(cron:session): session closed for user root
May 31 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16595]: pam_unix(cron:session): session closed for user root
May 31 19:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
May 31 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16594]: pam_unix(cron:session): session closed for user samftp
May 31 19:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: Failed password for root from 147.45.199.80 port 57918 ssh2
May 31 19:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: Connection closed by 147.45.199.80 port 57918 [preauth]
May 31 19:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15818]: pam_unix(cron:session): session closed for user root
May 31 19:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16984]: Invalid user z from 202.133.90.219
May 31 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16984]: input_userauth_request: invalid user z [preauth]
May 31 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16984]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16984]: Failed password for invalid user z from 202.133.90.219 port 50312 ssh2
May 31 19:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16984]: Connection closed by 202.133.90.219 port 50312 [preauth]
May 31 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17013]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17012]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17010]: pam_unix(cron:session): session closed for user p13x
May 31 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17084]: Successful su for rubyman by root
May 31 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17084]: + ??? root:rubyman
May 31 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17084]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431269 of user rubyman.
May 31 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17084]: pam_unix(su:session): session closed for user rubyman
May 31 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431269.
May 31 19:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14513]: pam_unix(cron:session): session closed for user root
May 31 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17011]: pam_unix(cron:session): session closed for user samftp
May 31 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 19:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: Failed password for root from 125.20.210.182 port 58296 ssh2
May 31 19:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: Connection closed by 125.20.210.182 port 58296 [preauth]
May 31 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16210]: pam_unix(cron:session): session closed for user root
May 31 19:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: Invalid user x from 202.133.90.219
May 31 19:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: input_userauth_request: invalid user x [preauth]
May 31 19:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17419]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17420]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17417]: pam_unix(cron:session): session closed for user p13x
May 31 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17480]: Successful su for rubyman by root
May 31 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17480]: + ??? root:rubyman
May 31 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431274 of user rubyman.
May 31 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17480]: pam_unix(su:session): session closed for user rubyman
May 31 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431274.
May 31 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: Failed password for invalid user x from 202.133.90.219 port 54580 ssh2
May 31 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: Connection closed by 202.133.90.219 port 54580 [preauth]
May 31 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15024]: pam_unix(cron:session): session closed for user root
May 31 19:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17418]: pam_unix(cron:session): session closed for user samftp
May 31 19:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16597]: pam_unix(cron:session): session closed for user root
May 31 19:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: Invalid user www from 193.24.211.100
May 31 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: input_userauth_request: invalid user www [preauth]
May 31 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.100
May 31 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: Failed password for invalid user www from 193.24.211.100 port 25364 ssh2
May 31 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: Received disconnect from 193.24.211.100 port 25364:11: Client disconnecting normally [preauth]
May 31 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: Disconnected from 193.24.211.100 port 25364 [preauth]
May 31 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17903]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17905]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17901]: pam_unix(cron:session): session closed for user p13x
May 31 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17959]: Successful su for rubyman by root
May 31 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17959]: + ??? root:rubyman
May 31 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17959]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431277 of user rubyman.
May 31 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17959]: pam_unix(su:session): session closed for user rubyman
May 31 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431277.
May 31 19:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15434]: pam_unix(cron:session): session closed for user root
May 31 19:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17902]: pam_unix(cron:session): session closed for user samftp
May 31 19:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: Invalid user www from 202.133.90.219
May 31 19:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: input_userauth_request: invalid user www [preauth]
May 31 19:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: Failed password for invalid user www from 202.133.90.219 port 44026 ssh2
May 31 19:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: Connection closed by 202.133.90.219 port 44026 [preauth]
May 31 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17013]: pam_unix(cron:session): session closed for user root
May 31 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18323]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18324]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18321]: pam_unix(cron:session): session closed for user p13x
May 31 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18396]: Successful su for rubyman by root
May 31 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18396]: + ??? root:rubyman
May 31 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431281 of user rubyman.
May 31 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18396]: pam_unix(su:session): session closed for user rubyman
May 31 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431281.
May 31 19:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15817]: pam_unix(cron:session): session closed for user root
May 31 19:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18322]: pam_unix(cron:session): session closed for user samftp
May 31 19:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 19:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18670]: Invalid user wss from 202.133.90.219
May 31 19:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18670]: input_userauth_request: invalid user wss [preauth]
May 31 19:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18670]: pam_unix(sshd:auth): check pass; user unknown
May 31 19:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 19:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18670]: Failed password for invalid user wss from 202.133.90.219 port 44816 ssh2
May 31 19:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18670]: Connection closed by 202.133.90.219 port 44816 [preauth]
May 31 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17420]: pam_unix(cron:session): session closed for user root
May 31 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18821]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18823]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18818]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18820]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18822]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18814]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18818]: pam_unix(cron:session): session closed for user root
May 31 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18823]: pam_unix(cron:session): session closed for user root
May 31 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18814]: pam_unix(cron:session): session closed for user p13x
May 31 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18915]: Successful su for rubyman by root
May 31 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18915]: + ??? root:rubyman
May 31 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18915]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431291 of user rubyman.
May 31 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18915]: pam_unix(su:session): session closed for user rubyman
May 31 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431291.
May 31 20:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18820]: pam_unix(cron:session): session closed for user root
May 31 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16209]: pam_unix(cron:session): session closed for user root
May 31 20:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18816]: pam_unix(cron:session): session closed for user samftp
May 31 20:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19272]: Invalid user website from 202.133.90.219
May 31 20:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19272]: input_userauth_request: invalid user website [preauth]
May 31 20:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19272]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 20:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
May 31 20:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19272]: Failed password for invalid user website from 202.133.90.219 port 45348 ssh2
May 31 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19272]: Connection closed by 202.133.90.219 port 45348 [preauth]
May 31 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19295]: Failed password for root from 103.15.222.183 port 50316 ssh2
May 31 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19295]: Connection closed by 103.15.222.183 port 50316 [preauth]
May 31 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17905]: pam_unix(cron:session): session closed for user root
May 31 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19420]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19419]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19417]: pam_unix(cron:session): session closed for user p13x
May 31 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19598]: Successful su for rubyman by root
May 31 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19598]: + ??? root:rubyman
May 31 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19598]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431293 of user rubyman.
May 31 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19598]: pam_unix(su:session): session closed for user rubyman
May 31 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431293.
May 31 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16596]: pam_unix(cron:session): session closed for user root
May 31 20:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19418]: pam_unix(cron:session): session closed for user samftp
May 31 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18324]: pam_unix(cron:session): session closed for user root
May 31 20:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: Invalid user vpn from 202.133.90.219
May 31 20:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: input_userauth_request: invalid user vpn [preauth]
May 31 20:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 20:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: Failed password for invalid user vpn from 202.133.90.219 port 55832 ssh2
May 31 20:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: Connection closed by 202.133.90.219 port 55832 [preauth]
May 31 20:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20042]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20041]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20039]: pam_unix(cron:session): session closed for user p13x
May 31 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20098]: Successful su for rubyman by root
May 31 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20098]: + ??? root:rubyman
May 31 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431297 of user rubyman.
May 31 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20098]: pam_unix(su:session): session closed for user rubyman
May 31 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431297.
May 31 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.82.76.2  user=root
May 31 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17012]: pam_unix(cron:session): session closed for user root
May 31 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20040]: pam_unix(cron:session): session closed for user samftp
May 31 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20036]: Failed password for root from 170.82.76.2 port 34718 ssh2
May 31 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20036]: Connection closed by 170.82.76.2 port 34718 [preauth]
May 31 20:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18822]: pam_unix(cron:session): session closed for user root
May 31 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: Invalid user peter from 117.187.180.236
May 31 20:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: input_userauth_request: invalid user peter [preauth]
May 31 20:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.187.180.236
May 31 20:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 20:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: Failed password for invalid user peter from 117.187.180.236 port 58326 ssh2
May 31 20:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: Received disconnect from 117.187.180.236 port 58326:11: Bye Bye [preauth]
May 31 20:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: Disconnected from 117.187.180.236 port 58326 [preauth]
May 31 20:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20484]: Failed password for root from 125.20.210.182 port 51376 ssh2
May 31 20:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20484]: Connection closed by 125.20.210.182 port 51376 [preauth]
May 31 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20514]: Invalid user user from 202.133.90.219
May 31 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20514]: input_userauth_request: invalid user user [preauth]
May 31 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20514]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 20:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20514]: Failed password for invalid user user from 202.133.90.219 port 51474 ssh2
May 31 20:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20514]: Connection closed by 202.133.90.219 port 51474 [preauth]
May 31 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20544]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20545]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20543]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20542]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20542]: pam_unix(cron:session): session closed for user p13x
May 31 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20600]: Successful su for rubyman by root
May 31 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20600]: + ??? root:rubyman
May 31 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431301 of user rubyman.
May 31 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20600]: pam_unix(su:session): session closed for user rubyman
May 31 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431301.
May 31 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.103.71.46  user=root
May 31 20:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17419]: pam_unix(cron:session): session closed for user root
May 31 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20613]: Failed password for root from 155.103.71.46 port 59482 ssh2
May 31 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20613]: Received disconnect from 155.103.71.46 port 59482:11: Bye Bye [preauth]
May 31 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20613]: Disconnected from 155.103.71.46 port 59482 [preauth]
May 31 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20543]: pam_unix(cron:session): session closed for user samftp
May 31 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19420]: pam_unix(cron:session): session closed for user root
May 31 20:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: Invalid user ubuntu from 202.133.90.219
May 31 20:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: input_userauth_request: invalid user ubuntu [preauth]
May 31 20:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 20:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: Failed password for invalid user ubuntu from 202.133.90.219 port 49064 ssh2
May 31 20:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: Connection closed by 202.133.90.219 port 49064 [preauth]
May 31 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21041]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21040]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21039]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21038]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21038]: pam_unix(cron:session): session closed for user p13x
May 31 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21101]: Successful su for rubyman by root
May 31 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21101]: + ??? root:rubyman
May 31 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21101]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431304 of user rubyman.
May 31 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21101]: pam_unix(su:session): session closed for user rubyman
May 31 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431304.
May 31 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17903]: pam_unix(cron:session): session closed for user root
May 31 20:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21039]: pam_unix(cron:session): session closed for user samftp
May 31 20:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20042]: pam_unix(cron:session): session closed for user root
May 31 20:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21458]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21460]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21461]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21459]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21461]: pam_unix(cron:session): session closed for user root
May 31 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21455]: pam_unix(cron:session): session closed for user p13x
May 31 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21526]: Successful su for rubyman by root
May 31 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21526]: + ??? root:rubyman
May 31 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431310 of user rubyman.
May 31 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21526]: pam_unix(su:session): session closed for user rubyman
May 31 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431310.
May 31 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21458]: pam_unix(cron:session): session closed for user root
May 31 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18323]: pam_unix(cron:session): session closed for user root
May 31 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21452]: Invalid user test from 202.133.90.219
May 31 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21452]: input_userauth_request: invalid user test [preauth]
May 31 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21452]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 20:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21457]: pam_unix(cron:session): session closed for user samftp
May 31 20:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21452]: Failed password for invalid user test from 202.133.90.219 port 58120 ssh2
May 31 20:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21452]: Connection closed by 202.133.90.219 port 58120 [preauth]
May 31 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20545]: pam_unix(cron:session): session closed for user root
May 31 20:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
May 31 20:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: Failed password for root from 103.122.221.179 port 60230 ssh2
May 31 20:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: Connection closed by 103.122.221.179 port 60230 [preauth]
May 31 20:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21891]: Invalid user gg from 109.195.179.94
May 31 20:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21891]: input_userauth_request: invalid user gg [preauth]
May 31 20:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21891]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.195.179.94
May 31 20:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21891]: Failed password for invalid user gg from 109.195.179.94 port 44356 ssh2
May 31 20:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21891]: Received disconnect from 109.195.179.94 port 44356:11: Bye Bye [preauth]
May 31 20:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21891]: Disconnected from 109.195.179.94 port 44356 [preauth]
May 31 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21904]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21905]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21902]: pam_unix(cron:session): session closed for user p13x
May 31 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21971]: Successful su for rubyman by root
May 31 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21971]: + ??? root:rubyman
May 31 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431314 of user rubyman.
May 31 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21971]: pam_unix(su:session): session closed for user rubyman
May 31 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431314.
May 31 20:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18821]: pam_unix(cron:session): session closed for user root
May 31 20:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21903]: pam_unix(cron:session): session closed for user samftp
May 31 20:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.103.71.46  user=root
May 31 20:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Failed password for root from 155.103.71.46 port 36724 ssh2
May 31 20:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: Invalid user test2 from 202.133.90.219
May 31 20:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: input_userauth_request: invalid user test2 [preauth]
May 31 20:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 20:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Received disconnect from 155.103.71.46 port 36724:11: Bye Bye [preauth]
May 31 20:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Disconnected from 155.103.71.46 port 36724 [preauth]
May 31 20:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: Failed password for invalid user test2 from 202.133.90.219 port 55172 ssh2
May 31 20:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: Connection closed by 202.133.90.219 port 55172 [preauth]
May 31 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21041]: pam_unix(cron:session): session closed for user root
May 31 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22317]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22316]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22314]: pam_unix(cron:session): session closed for user p13x
May 31 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22376]: Successful su for rubyman by root
May 31 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22376]: + ??? root:rubyman
May 31 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431318 of user rubyman.
May 31 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22376]: pam_unix(su:session): session closed for user rubyman
May 31 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431318.
May 31 20:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19419]: pam_unix(cron:session): session closed for user root
May 31 20:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22315]: pam_unix(cron:session): session closed for user samftp
May 31 20:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: Invalid user temp from 202.133.90.219
May 31 20:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: input_userauth_request: invalid user temp [preauth]
May 31 20:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 20:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: Failed password for invalid user temp from 202.133.90.219 port 46174 ssh2
May 31 20:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: Connection closed by 202.133.90.219 port 46174 [preauth]
May 31 20:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: Invalid user ftpuser from 80.94.95.116
May 31 20:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: input_userauth_request: invalid user ftpuser [preauth]
May 31 20:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May 31 20:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: Failed password for invalid user ftpuser from 80.94.95.116 port 27130 ssh2
May 31 20:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: Connection closed by 80.94.95.116 port 27130 [preauth]
May 31 20:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21460]: pam_unix(cron:session): session closed for user root
May 31 20:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22640]: Invalid user ubuntu from 155.103.71.46
May 31 20:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22640]: input_userauth_request: invalid user ubuntu [preauth]
May 31 20:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22640]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.103.71.46
May 31 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22640]: Failed password for invalid user ubuntu from 155.103.71.46 port 44118 ssh2
May 31 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22640]: Received disconnect from 155.103.71.46 port 44118:11: Bye Bye [preauth]
May 31 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22640]: Disconnected from 155.103.71.46 port 44118 [preauth]
May 31 20:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22705]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22706]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.98.239  user=root
May 31 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22704]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22703]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22703]: pam_unix(cron:session): session closed for user p13x
May 31 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: Successful su for rubyman by root
May 31 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: + ??? root:rubyman
May 31 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431323 of user rubyman.
May 31 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: pam_unix(su:session): session closed for user rubyman
May 31 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431323.
May 31 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22700]: Failed password for root from 94.159.98.239 port 44376 ssh2
May 31 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22700]: Connection closed by 94.159.98.239 port 44376 [preauth]
May 31 20:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20041]: pam_unix(cron:session): session closed for user root
May 31 20:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22704]: pam_unix(cron:session): session closed for user samftp
May 31 20:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23003]: Did not receive identification string from 115.190.161.6
May 31 20:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21905]: pam_unix(cron:session): session closed for user root
May 31 20:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23026]: Invalid user shop from 202.133.90.219
May 31 20:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23026]: input_userauth_request: invalid user shop [preauth]
May 31 20:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23026]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 20:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23026]: Failed password for invalid user shop from 202.133.90.219 port 51486 ssh2
May 31 20:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23026]: Connection closed by 202.133.90.219 port 51486 [preauth]
May 31 20:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.103.71.46  user=root
May 31 20:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: Failed password for root from 155.103.71.46 port 45674 ssh2
May 31 20:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: Received disconnect from 155.103.71.46 port 45674:11: Bye Bye [preauth]
May 31 20:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: Disconnected from 155.103.71.46 port 45674 [preauth]
May 31 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23092]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23087]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23089]: pam_unix(cron:session): session closed for user p13x
May 31 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23199]: Successful su for rubyman by root
May 31 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23199]: + ??? root:rubyman
May 31 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431326 of user rubyman.
May 31 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23199]: pam_unix(su:session): session closed for user rubyman
May 31 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431326.
May 31 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23087]: pam_unix(cron:session): session closed for user root
May 31 20:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20544]: pam_unix(cron:session): session closed for user root
May 31 20:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23090]: pam_unix(cron:session): session closed for user samftp
May 31 20:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23444]: Invalid user openhabian from 125.20.210.182
May 31 20:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23444]: input_userauth_request: invalid user openhabian [preauth]
May 31 20:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23444]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182
May 31 20:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23444]: Failed password for invalid user openhabian from 125.20.210.182 port 42284 ssh2
May 31 20:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23461]: Received disconnect from 154.16.180.28 port 44854:11: disconnected by user [preauth]
May 31 20:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23461]: Disconnected from 154.16.180.28 port 44854 [preauth]
May 31 20:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23444]: Connection closed by 125.20.210.182 port 42284 [preauth]
May 31 20:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: Invalid user sol from 109.195.179.94
May 31 20:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: input_userauth_request: invalid user sol [preauth]
May 31 20:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.195.179.94
May 31 20:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: Failed password for invalid user sol from 109.195.179.94 port 48992 ssh2
May 31 20:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: Received disconnect from 109.195.179.94 port 48992:11: Bye Bye [preauth]
May 31 20:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: Disconnected from 109.195.179.94 port 48992 [preauth]
May 31 20:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22317]: pam_unix(cron:session): session closed for user root
May 31 20:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: Invalid user server from 202.133.90.219
May 31 20:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: input_userauth_request: invalid user server [preauth]
May 31 20:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219
May 31 20:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: Failed password for invalid user server from 202.133.90.219 port 56896 ssh2
May 31 20:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: Connection closed by 202.133.90.219 port 56896 [preauth]
May 31 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23601]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23600]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23602]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23599]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23602]: pam_unix(cron:session): session closed for user root
May 31 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23597]: pam_unix(cron:session): session closed for user p13x
May 31 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23673]: Successful su for rubyman by root
May 31 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23673]: + ??? root:rubyman
May 31 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431331 of user rubyman.
May 31 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23673]: pam_unix(su:session): session closed for user rubyman
May 31 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431331.
May 31 20:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21040]: pam_unix(cron:session): session closed for user root
May 31 20:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23599]: pam_unix(cron:session): session closed for user root
May 31 20:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23598]: pam_unix(cron:session): session closed for user samftp
May 31 20:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.103.71.46  user=root
May 31 20:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: Failed password for root from 155.103.71.46 port 58224 ssh2
May 31 20:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: Received disconnect from 155.103.71.46 port 58224:11: Bye Bye [preauth]
May 31 20:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: Disconnected from 155.103.71.46 port 58224 [preauth]
May 31 20:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22706]: pam_unix(cron:session): session closed for user root
May 31 20:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24087]: Invalid user  from 65.49.1.235
May 31 20:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24087]: input_userauth_request: invalid user  [preauth]
May 31 20:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.195.179.94  user=root
May 31 20:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24087]: Connection closed by 65.49.1.235 port 56517 [preauth]
May 31 20:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24089]: Failed password for root from 109.195.179.94 port 33434 ssh2
May 31 20:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24089]: Received disconnect from 109.195.179.94 port 33434:11: Bye Bye [preauth]
May 31 20:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24089]: Disconnected from 109.195.179.94 port 33434 [preauth]
May 31 20:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24132]: Failed password for root from 202.133.90.219 port 57720 ssh2
May 31 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24132]: Connection closed by 202.133.90.219 port 57720 [preauth]
May 31 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24146]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24145]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24143]: pam_unix(cron:session): session closed for user p13x
May 31 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24218]: Successful su for rubyman by root
May 31 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24218]: + ??? root:rubyman
May 31 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431338 of user rubyman.
May 31 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24218]: pam_unix(su:session): session closed for user rubyman
May 31 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431338.
May 31 20:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21459]: pam_unix(cron:session): session closed for user root
May 31 20:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24144]: pam_unix(cron:session): session closed for user samftp
May 31 20:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23092]: pam_unix(cron:session): session closed for user root
May 31 20:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: Invalid user ftpadmin from 155.103.71.46
May 31 20:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: input_userauth_request: invalid user ftpadmin [preauth]
May 31 20:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.103.71.46
May 31 20:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: Failed password for invalid user ftpadmin from 155.103.71.46 port 38682 ssh2
May 31 20:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: Received disconnect from 155.103.71.46 port 38682:11: Bye Bye [preauth]
May 31 20:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24553]: Disconnected from 155.103.71.46 port 38682 [preauth]
May 31 20:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.195.179.94  user=root
May 31 20:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: Failed password for root from 109.195.179.94 port 33930 ssh2
May 31 20:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: Received disconnect from 109.195.179.94 port 33930:11: Bye Bye [preauth]
May 31 20:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: Disconnected from 109.195.179.94 port 33930 [preauth]
May 31 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24585]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24586]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24583]: pam_unix(cron:session): session closed for user p13x
May 31 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24660]: Successful su for rubyman by root
May 31 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24660]: + ??? root:rubyman
May 31 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24660]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431343 of user rubyman.
May 31 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24660]: pam_unix(su:session): session closed for user rubyman
May 31 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431343.
May 31 20:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21904]: pam_unix(cron:session): session closed for user root
May 31 20:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24584]: pam_unix(cron:session): session closed for user samftp
May 31 20:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: Failed password for root from 202.133.90.219 port 54836 ssh2
May 31 20:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: Connection closed by 202.133.90.219 port 54836 [preauth]
May 31 20:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
May 31 20:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: Failed password for root from 194.113.233.25 port 49036 ssh2
May 31 20:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: Connection closed by 194.113.233.25 port 49036 [preauth]
May 31 20:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23601]: pam_unix(cron:session): session closed for user root
May 31 20:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.173.227.57  user=root
May 31 20:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24926]: Failed password for root from 103.173.227.57 port 59772 ssh2
May 31 20:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24926]: Connection closed by 103.173.227.57 port 59772 [preauth]
May 31 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25001]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25000]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24998]: pam_unix(cron:session): session closed for user p13x
May 31 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25066]: Successful su for rubyman by root
May 31 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25066]: + ??? root:rubyman
May 31 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431345 of user rubyman.
May 31 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25066]: pam_unix(su:session): session closed for user rubyman
May 31 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431345.
May 31 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22316]: pam_unix(cron:session): session closed for user root
May 31 20:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: Invalid user strapi from 109.195.179.94
May 31 20:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: input_userauth_request: invalid user strapi [preauth]
May 31 20:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.195.179.94
May 31 20:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24999]: pam_unix(cron:session): session closed for user samftp
May 31 20:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: Failed password for invalid user strapi from 109.195.179.94 port 56226 ssh2
May 31 20:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: Received disconnect from 109.195.179.94 port 56226:11: Bye Bye [preauth]
May 31 20:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: Disconnected from 109.195.179.94 port 56226 [preauth]
May 31 20:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.103.71.46  user=root
May 31 20:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25274]: Failed password for root from 155.103.71.46 port 42336 ssh2
May 31 20:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25274]: Received disconnect from 155.103.71.46 port 42336:11: Bye Bye [preauth]
May 31 20:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25274]: Disconnected from 155.103.71.46 port 42336 [preauth]
May 31 20:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: Failed password for root from 202.133.90.219 port 43936 ssh2
May 31 20:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: Connection closed by 202.133.90.219 port 43936 [preauth]
May 31 20:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24146]: pam_unix(cron:session): session closed for user root
May 31 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25401]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25400]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25399]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25398]: pam_unix(cron:session): session closed for user p13x
May 31 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25462]: Successful su for rubyman by root
May 31 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25462]: + ??? root:rubyman
May 31 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25462]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431349 of user rubyman.
May 31 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25462]: pam_unix(su:session): session closed for user rubyman
May 31 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431349.
May 31 20:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22705]: pam_unix(cron:session): session closed for user root
May 31 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25399]: pam_unix(cron:session): session closed for user samftp
May 31 20:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: Invalid user github-runner from 109.195.179.94
May 31 20:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: input_userauth_request: invalid user github-runner [preauth]
May 31 20:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.195.179.94
May 31 20:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: Failed password for invalid user github-runner from 109.195.179.94 port 35232 ssh2
May 31 20:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: Received disconnect from 109.195.179.94 port 35232:11: Bye Bye [preauth]
May 31 20:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: Disconnected from 109.195.179.94 port 35232 [preauth]
May 31 20:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25701]: Failed password for root from 202.133.90.219 port 33882 ssh2
May 31 20:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25701]: Connection closed by 202.133.90.219 port 33882 [preauth]
May 31 20:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24586]: pam_unix(cron:session): session closed for user root
May 31 20:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.103.71.46  user=root
May 31 20:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25741]: Failed password for root from 155.103.71.46 port 39070 ssh2
May 31 20:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25741]: Received disconnect from 155.103.71.46 port 39070:11: Bye Bye [preauth]
May 31 20:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25741]: Disconnected from 155.103.71.46 port 39070 [preauth]
May 31 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25805]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25806]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25804]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25803]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25806]: pam_unix(cron:session): session closed for user root
May 31 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25800]: pam_unix(cron:session): session closed for user p13x
May 31 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25869]: Successful su for rubyman by root
May 31 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25869]: + ??? root:rubyman
May 31 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431353 of user rubyman.
May 31 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25869]: pam_unix(su:session): session closed for user rubyman
May 31 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431353.
May 31 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25803]: pam_unix(cron:session): session closed for user root
May 31 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session closed for user root
May 31 20:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25801]: pam_unix(cron:session): session closed for user samftp
May 31 20:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: Invalid user administrador from 109.195.179.94
May 31 20:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: input_userauth_request: invalid user administrador [preauth]
May 31 20:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.195.179.94
May 31 20:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: Failed password for invalid user administrador from 109.195.179.94 port 47390 ssh2
May 31 20:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: Received disconnect from 109.195.179.94 port 47390:11: Bye Bye [preauth]
May 31 20:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: Disconnected from 109.195.179.94 port 47390 [preauth]
May 31 20:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: Failed password for root from 202.133.90.219 port 54878 ssh2
May 31 20:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25001]: pam_unix(cron:session): session closed for user root
May 31 20:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: Connection closed by 202.133.90.219 port 54878 [preauth]
May 31 20:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 20:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26174]: Failed password for root from 125.20.210.182 port 36026 ssh2
May 31 20:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.103.71.46  user=root
May 31 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26231]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26230]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26228]: pam_unix(cron:session): session closed for user p13x
May 31 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26299]: Successful su for rubyman by root
May 31 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26299]: + ??? root:rubyman
May 31 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431359 of user rubyman.
May 31 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26299]: pam_unix(su:session): session closed for user rubyman
May 31 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431359.
May 31 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26225]: Failed password for root from 155.103.71.46 port 51524 ssh2
May 31 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26225]: Received disconnect from 155.103.71.46 port 51524:11: Bye Bye [preauth]
May 31 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26225]: Disconnected from 155.103.71.46 port 51524 [preauth]
May 31 20:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23600]: pam_unix(cron:session): session closed for user root
May 31 20:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26229]: pam_unix(cron:session): session closed for user samftp
May 31 20:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26174]: Connection closed by 125.20.210.182 port 36026 [preauth]
May 31 20:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
May 31 20:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: Failed password for root from 80.66.85.226 port 48668 ssh2
May 31 20:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: Invalid user ts2 from 109.195.179.94
May 31 20:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: input_userauth_request: invalid user ts2 [preauth]
May 31 20:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.195.179.94
May 31 20:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: Connection closed by 80.66.85.226 port 48668 [preauth]
May 31 20:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: Failed password for invalid user ts2 from 109.195.179.94 port 42962 ssh2
May 31 20:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: Received disconnect from 109.195.179.94 port 42962:11: Bye Bye [preauth]
May 31 20:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: Disconnected from 109.195.179.94 port 42962 [preauth]
May 31 20:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25401]: pam_unix(cron:session): session closed for user root
May 31 20:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26578]: Failed password for root from 202.133.90.219 port 53874 ssh2
May 31 20:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26578]: Connection closed by 202.133.90.219 port 53874 [preauth]
May 31 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26634]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26635]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26630]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26630]: pam_unix(cron:session): session closed for user root
May 31 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26632]: pam_unix(cron:session): session closed for user p13x
May 31 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26785]: Successful su for rubyman by root
May 31 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26785]: + ??? root:rubyman
May 31 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26785]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431364 of user rubyman.
May 31 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26785]: pam_unix(su:session): session closed for user rubyman
May 31 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431364.
May 31 20:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24145]: pam_unix(cron:session): session closed for user root
May 31 20:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26633]: pam_unix(cron:session): session closed for user samftp
May 31 20:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.103.71.46  user=root
May 31 20:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: Failed password for root from 155.103.71.46 port 52296 ssh2
May 31 20:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: Received disconnect from 155.103.71.46 port 52296:11: Bye Bye [preauth]
May 31 20:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: Disconnected from 155.103.71.46 port 52296 [preauth]
May 31 20:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25805]: pam_unix(cron:session): session closed for user root
May 31 20:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.195.179.94  user=root
May 31 20:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
May 31 20:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: Failed password for root from 103.172.78.219 port 43254 ssh2
May 31 20:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27072]: Failed password for root from 109.195.179.94 port 48164 ssh2
May 31 20:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27072]: Received disconnect from 109.195.179.94 port 48164:11: Bye Bye [preauth]
May 31 20:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27072]: Disconnected from 109.195.179.94 port 48164 [preauth]
May 31 20:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: Connection closed by 103.172.78.219 port 43254 [preauth]
May 31 20:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.63.178  user=root
May 31 20:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27106]: Failed password for root from 62.133.63.178 port 51904 ssh2
May 31 20:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27106]: Connection closed by 62.133.63.178 port 51904 [preauth]
May 31 20:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: Failed password for root from 202.133.90.219 port 48766 ssh2
May 31 20:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: Connection closed by 202.133.90.219 port 48766 [preauth]
May 31 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27131]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27130]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27128]: pam_unix(cron:session): session closed for user p13x
May 31 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27192]: Successful su for rubyman by root
May 31 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27192]: + ??? root:rubyman
May 31 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431368 of user rubyman.
May 31 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27192]: pam_unix(su:session): session closed for user rubyman
May 31 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431368.
May 31 20:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24585]: pam_unix(cron:session): session closed for user root
May 31 20:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27129]: pam_unix(cron:session): session closed for user samftp
May 31 20:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27422]: Invalid user admin123 from 185.156.73.233
May 31 20:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27422]: input_userauth_request: invalid user admin123 [preauth]
May 31 20:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27422]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
May 31 20:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27422]: Failed password for invalid user admin123 from 185.156.73.233 port 26694 ssh2
May 31 20:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27422]: Connection closed by 185.156.73.233 port 26694 [preauth]
May 31 20:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26231]: pam_unix(cron:session): session closed for user root
May 31 20:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: Invalid user jane from 109.195.179.94
May 31 20:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: input_userauth_request: invalid user jane [preauth]
May 31 20:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.195.179.94
May 31 20:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: Failed password for invalid user jane from 109.195.179.94 port 55386 ssh2
May 31 20:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: Received disconnect from 109.195.179.94 port 55386:11: Bye Bye [preauth]
May 31 20:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: Disconnected from 109.195.179.94 port 55386 [preauth]
May 31 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27554]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27553]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27551]: pam_unix(cron:session): session closed for user p13x
May 31 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27615]: Successful su for rubyman by root
May 31 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27615]: + ??? root:rubyman
May 31 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27615]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431372 of user rubyman.
May 31 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27615]: pam_unix(su:session): session closed for user rubyman
May 31 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431372.
May 31 20:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25000]: pam_unix(cron:session): session closed for user root
May 31 20:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27552]: pam_unix(cron:session): session closed for user samftp
May 31 20:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27604]: Failed password for root from 202.133.90.219 port 33192 ssh2
May 31 20:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27604]: Connection closed by 202.133.90.219 port 33192 [preauth]
May 31 20:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26635]: pam_unix(cron:session): session closed for user root
May 31 20:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: Invalid user test5 from 112.217.188.122
May 31 20:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: input_userauth_request: invalid user test5 [preauth]
May 31 20:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.188.122
May 31 20:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: Failed password for invalid user test5 from 112.217.188.122 port 59106 ssh2
May 31 20:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: Received disconnect from 112.217.188.122 port 59106:11: Bye Bye [preauth]
May 31 20:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: Disconnected from 112.217.188.122 port 59106 [preauth]
May 31 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27958]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27962]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27959]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27961]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27962]: pam_unix(cron:session): session closed for user root
May 31 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27956]: pam_unix(cron:session): session closed for user p13x
May 31 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28042]: Successful su for rubyman by root
May 31 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28042]: + ??? root:rubyman
May 31 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431379 of user rubyman.
May 31 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28042]: pam_unix(su:session): session closed for user rubyman
May 31 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431379.
May 31 20:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27958]: pam_unix(cron:session): session closed for user root
May 31 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25400]: pam_unix(cron:session): session closed for user root
May 31 20:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27957]: pam_unix(cron:session): session closed for user samftp
May 31 20:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: Failed password for root from 202.133.90.219 port 50184 ssh2
May 31 20:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: Connection closed by 202.133.90.219 port 50184 [preauth]
May 31 20:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27131]: pam_unix(cron:session): session closed for user root
May 31 20:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Invalid user serwis from 161.35.65.86
May 31 20:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: input_userauth_request: invalid user serwis [preauth]
May 31 20:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.65.86
May 31 20:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Failed password for invalid user serwis from 161.35.65.86 port 41316 ssh2
May 31 20:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Received disconnect from 161.35.65.86 port 41316:11: Bye Bye [preauth]
May 31 20:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Disconnected from 161.35.65.86 port 41316 [preauth]
May 31 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28446]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28444]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28445]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28447]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28444]: pam_unix(cron:session): session closed for user p13x
May 31 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28517]: Successful su for rubyman by root
May 31 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28517]: + ??? root:rubyman
May 31 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431383 of user rubyman.
May 31 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28517]: pam_unix(su:session): session closed for user rubyman
May 31 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431383.
May 31 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25804]: pam_unix(cron:session): session closed for user root
May 31 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28445]: pam_unix(cron:session): session closed for user samftp
May 31 20:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28844]: Failed password for root from 202.133.90.219 port 41854 ssh2
May 31 20:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28844]: Connection closed by 202.133.90.219 port 41854 [preauth]
May 31 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27554]: pam_unix(cron:session): session closed for user root
May 31 20:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 20:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: Received disconnect from 163.223.54.21 port 48324:11: disconnected by user [preauth]
May 31 20:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: Disconnected from 163.223.54.21 port 48324 [preauth]
May 31 20:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28895]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
May 31 20:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28895]: Received disconnect from 151.237.79.243 port 51650:11: disconnected by user [preauth]
May 31 20:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28895]: Disconnected from 151.237.79.243 port 51650 [preauth]
May 31 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28951]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28952]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28949]: pam_unix(cron:session): session closed for user p13x
May 31 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
May 31 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29011]: Successful su for rubyman by root
May 31 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29011]: + ??? root:rubyman
May 31 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431386 of user rubyman.
May 31 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29011]: pam_unix(su:session): session closed for user rubyman
May 31 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431386.
May 31 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26230]: pam_unix(cron:session): session closed for user root
May 31 20:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28946]: Failed password for root from 77.94.47.83 port 53030 ssh2
May 31 20:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28946]: Connection closed by 77.94.47.83 port 53030 [preauth]
May 31 20:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28950]: pam_unix(cron:session): session closed for user samftp
May 31 20:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27961]: pam_unix(cron:session): session closed for user root
May 31 20:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29315]: Failed password for root from 202.133.90.219 port 55060 ssh2
May 31 20:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29315]: Connection closed by 202.133.90.219 port 55060 [preauth]
May 31 20:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Invalid user sshadmin from 125.20.210.182
May 31 20:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: input_userauth_request: invalid user sshadmin [preauth]
May 31 20:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182
May 31 20:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Failed password for invalid user sshadmin from 125.20.210.182 port 40278 ssh2
May 31 20:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Connection closed by 125.20.210.182 port 40278 [preauth]
May 31 20:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.101.237  user=root
May 31 20:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: Failed password for root from 103.186.101.237 port 45786 ssh2
May 31 20:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: Received disconnect from 103.186.101.237 port 45786:11: Bye Bye [preauth]
May 31 20:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: Disconnected from 103.186.101.237 port 45786 [preauth]
May 31 20:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78  user=root
May 31 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29378]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29377]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29375]: pam_unix(cron:session): session closed for user p13x
May 31 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: Failed password for root from 51.178.114.78 port 49718 ssh2
May 31 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29434]: Successful su for rubyman by root
May 31 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29434]: + ??? root:rubyman
May 31 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: Received disconnect from 51.178.114.78 port 49718:11: Bye Bye [preauth]
May 31 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: Disconnected from 51.178.114.78 port 49718 [preauth]
May 31 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431390 of user rubyman.
May 31 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29434]: pam_unix(su:session): session closed for user rubyman
May 31 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431390.
May 31 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26634]: pam_unix(cron:session): session closed for user root
May 31 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29376]: pam_unix(cron:session): session closed for user samftp
May 31 20:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: Invalid user igor from 103.20.122.54
May 31 20:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: input_userauth_request: invalid user igor [preauth]
May 31 20:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.122.54
May 31 20:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28447]: pam_unix(cron:session): session closed for user root
May 31 20:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: Failed password for invalid user igor from 103.20.122.54 port 57438 ssh2
May 31 20:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: Received disconnect from 103.20.122.54 port 57438:11: Bye Bye [preauth]
May 31 20:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: Disconnected from 103.20.122.54 port 57438 [preauth]
May 31 20:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
May 31 20:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29818]: Failed password for root from 103.82.132.16 port 49440 ssh2
May 31 20:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29818]: Connection closed by 103.82.132.16 port 49440 [preauth]
May 31 20:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
May 31 20:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29857]: Failed password for root from 38.93.206.2 port 55814 ssh2
May 31 20:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29857]: Connection closed by 38.93.206.2 port 55814 [preauth]
May 31 20:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29880]: Failed password for root from 202.133.90.219 port 46084 ssh2
May 31 20:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29880]: Connection closed by 202.133.90.219 port 46084 [preauth]
May 31 20:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
May 31 20:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29891]: Failed password for root from 87.251.79.125 port 34554 ssh2
May 31 20:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29891]: Connection closed by 87.251.79.125 port 34554 [preauth]
May 31 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29918]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29917]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29915]: pam_unix(cron:session): session closed for user p13x
May 31 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29974]: Successful su for rubyman by root
May 31 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29974]: + ??? root:rubyman
May 31 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29974]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431394 of user rubyman.
May 31 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29974]: pam_unix(su:session): session closed for user rubyman
May 31 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431394.
May 31 20:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27130]: pam_unix(cron:session): session closed for user root
May 31 20:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29916]: pam_unix(cron:session): session closed for user samftp
May 31 20:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
May 31 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30237]: Failed password for root from 89.223.69.22 port 54626 ssh2
May 31 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28952]: pam_unix(cron:session): session closed for user root
May 31 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30237]: Connection closed by 89.223.69.22 port 54626 [preauth]
May 31 20:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30308]: Failed password for root from 202.133.90.219 port 45968 ssh2
May 31 20:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30308]: Connection closed by 202.133.90.219 port 45968 [preauth]
May 31 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30341]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30339]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30342]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30340]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30342]: pam_unix(cron:session): session closed for user root
May 31 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30337]: pam_unix(cron:session): session closed for user p13x
May 31 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30402]: Successful su for rubyman by root
May 31 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30402]: + ??? root:rubyman
May 31 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431398 of user rubyman.
May 31 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30402]: pam_unix(su:session): session closed for user rubyman
May 31 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431398.
May 31 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30339]: pam_unix(cron:session): session closed for user root
May 31 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27553]: pam_unix(cron:session): session closed for user root
May 31 20:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30338]: pam_unix(cron:session): session closed for user samftp
May 31 20:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29378]: pam_unix(cron:session): session closed for user root
May 31 20:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Invalid user bob from 161.248.189.72
May 31 20:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: input_userauth_request: invalid user bob [preauth]
May 31 20:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.248.189.72
May 31 20:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Failed password for invalid user bob from 161.248.189.72 port 58438 ssh2
May 31 20:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Received disconnect from 161.248.189.72 port 58438:11: Bye Bye [preauth]
May 31 20:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Disconnected from 161.248.189.72 port 58438 [preauth]
May 31 20:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Invalid user pi from 193.24.211.100
May 31 20:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: input_userauth_request: invalid user pi [preauth]
May 31 20:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.100
May 31 20:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Failed password for invalid user pi from 193.24.211.100 port 10894 ssh2
May 31 20:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Received disconnect from 193.24.211.100 port 10894:11: Client disconnecting normally [preauth]
May 31 20:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Disconnected from 193.24.211.100 port 10894 [preauth]
May 31 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30784]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30783]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30781]: pam_unix(cron:session): session closed for user p13x
May 31 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30853]: Successful su for rubyman by root
May 31 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30853]: + ??? root:rubyman
May 31 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431404 of user rubyman.
May 31 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30853]: pam_unix(su:session): session closed for user rubyman
May 31 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431404.
May 31 20:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27959]: pam_unix(cron:session): session closed for user root
May 31 20:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30782]: pam_unix(cron:session): session closed for user samftp
May 31 20:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31091]: Failed password for root from 202.133.90.219 port 55628 ssh2
May 31 20:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31091]: Connection closed by 202.133.90.219 port 55628 [preauth]
May 31 20:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29918]: pam_unix(cron:session): session closed for user root
May 31 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31285]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31284]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31282]: pam_unix(cron:session): session closed for user p13x
May 31 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31344]: Successful su for rubyman by root
May 31 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31344]: + ??? root:rubyman
May 31 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431408 of user rubyman.
May 31 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31344]: pam_unix(su:session): session closed for user rubyman
May 31 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431408.
May 31 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
May 31 20:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28446]: pam_unix(cron:session): session closed for user root
May 31 20:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31279]: Failed password for root from 103.77.242.62 port 41022 ssh2
May 31 20:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31279]: Connection closed by 103.77.242.62 port 41022 [preauth]
May 31 20:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31283]: pam_unix(cron:session): session closed for user samftp
May 31 20:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: Failed password for root from 202.133.90.219 port 37378 ssh2
May 31 20:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: Connection closed by 202.133.90.219 port 37378 [preauth]
May 31 20:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30341]: pam_unix(cron:session): session closed for user root
May 31 20:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31752]: Did not receive identification string from 77.90.185.16
May 31 20:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31782]: Invalid user bob from 168.144.95.137
May 31 20:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31782]: input_userauth_request: invalid user bob [preauth]
May 31 20:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31782]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.95.137
May 31 20:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31782]: Failed password for invalid user bob from 168.144.95.137 port 53632 ssh2
May 31 20:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31782]: Received disconnect from 168.144.95.137 port 53632:11: Bye Bye [preauth]
May 31 20:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31782]: Disconnected from 168.144.95.137 port 53632 [preauth]
May 31 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31798]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31797]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31795]: pam_unix(cron:session): session closed for user p13x
May 31 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31854]: Successful su for rubyman by root
May 31 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31854]: + ??? root:rubyman
May 31 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431413 of user rubyman.
May 31 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31854]: pam_unix(su:session): session closed for user rubyman
May 31 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431413.
May 31 20:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28951]: pam_unix(cron:session): session closed for user root
May 31 20:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31796]: pam_unix(cron:session): session closed for user samftp
May 31 20:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.172.54.111  user=root
May 31 20:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: Failed password for root from 109.172.54.111 port 33410 ssh2
May 31 20:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: Connection closed by 109.172.54.111 port 33410 [preauth]
May 31 20:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: Failed password for root from 202.133.90.219 port 34838 ssh2
May 31 20:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: Connection closed by 202.133.90.219 port 34838 [preauth]
May 31 20:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30784]: pam_unix(cron:session): session closed for user root
May 31 20:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: Invalid user user from 2.57.121.25
May 31 20:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: input_userauth_request: invalid user user [preauth]
May 31 20:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 20:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: Failed password for invalid user user from 2.57.121.25 port 52093 ssh2
May 31 20:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.170.125  user=root
May 31 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32215]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32214]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32212]: pam_unix(cron:session): session closed for user p13x
May 31 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: Failed password for invalid user user from 2.57.121.25 port 52093 ssh2
May 31 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32269]: Successful su for rubyman by root
May 31 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32269]: + ??? root:rubyman
May 31 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431417 of user rubyman.
May 31 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32269]: pam_unix(su:session): session closed for user rubyman
May 31 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431417.
May 31 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: Failed password for root from 103.149.170.125 port 51462 ssh2
May 31 20:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: Connection closed by 103.149.170.125 port 51462 [preauth]
May 31 20:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29377]: pam_unix(cron:session): session closed for user root
May 31 20:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: Failed password for invalid user user from 2.57.121.25 port 52093 ssh2
May 31 20:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32213]: pam_unix(cron:session): session closed for user samftp
May 31 20:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: Failed password for invalid user user from 2.57.121.25 port 52093 ssh2
May 31 20:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: Failed password for invalid user user from 2.57.121.25 port 52093 ssh2
May 31 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: Received disconnect from 2.57.121.25 port 52093:11: Bye [preauth]
May 31 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: Disconnected from 2.57.121.25 port 52093 [preauth]
May 31 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
May 31 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 20:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31285]: pam_unix(cron:session): session closed for user root
May 31 20:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: Failed password for root from 202.133.90.219 port 35116 ssh2
May 31 20:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: Connection closed by 202.133.90.219 port 35116 [preauth]
May 31 20:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.20.210.182  user=root
May 31 20:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: Failed password for root from 125.20.210.182 port 40960 ssh2
May 31 20:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: Connection closed by 125.20.210.182 port 40960 [preauth]
May 31 20:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: User mysql from 185.156.73.233 not allowed because not listed in AllowUsers
May 31 20:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: input_userauth_request: invalid user mysql [preauth]
May 31 20:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=mysql
May 31 20:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: Failed password for invalid user mysql from 185.156.73.233 port 39708 ssh2
May 31 20:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: Connection closed by 185.156.73.233 port 39708 [preauth]
May 31 20:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.188.122  user=root
May 31 20:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32615]: Failed password for root from 112.217.188.122 port 55612 ssh2
May 31 20:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32615]: Received disconnect from 112.217.188.122 port 55612:11: Bye Bye [preauth]
May 31 20:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32615]: Disconnected from 112.217.188.122 port 55612 [preauth]
May 31 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32631]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32632]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32628]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32630]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32632]: pam_unix(cron:session): session closed for user root
May 31 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32626]: pam_unix(cron:session): session closed for user p13x
May 31 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32698]: Successful su for rubyman by root
May 31 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32698]: + ??? root:rubyman
May 31 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431420 of user rubyman.
May 31 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32698]: pam_unix(su:session): session closed for user rubyman
May 31 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431420.
May 31 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32628]: pam_unix(cron:session): session closed for user root
May 31 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29917]: pam_unix(cron:session): session closed for user root
May 31 20:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32627]: pam_unix(cron:session): session closed for user samftp
May 31 20:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.228.128.84  user=root
May 31 20:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: Failed password for root from 193.228.128.84 port 35956 ssh2
May 31 20:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: Connection closed by 193.228.128.84 port 35956 [preauth]
May 31 20:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: Invalid user kocom from 161.35.65.86
May 31 20:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: input_userauth_request: invalid user kocom [preauth]
May 31 20:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.65.86
May 31 20:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: Failed password for invalid user kocom from 161.35.65.86 port 35540 ssh2
May 31 20:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: Received disconnect from 161.35.65.86 port 35540:11: Bye Bye [preauth]
May 31 20:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: Disconnected from 161.35.65.86 port 35540 [preauth]
May 31 20:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31798]: pam_unix(cron:session): session closed for user root
May 31 20:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: Failed password for root from 202.133.90.219 port 48820 ssh2
May 31 20:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: Connection closed by 202.133.90.219 port 48820 [preauth]
May 31 20:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[732]: Connection closed by 194.59.206.2 port 57762 [preauth]
May 31 20:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78  user=root
May 31 20:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: Failed password for root from 51.178.114.78 port 59806 ssh2
May 31 20:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: Received disconnect from 51.178.114.78 port 59806:11: Bye Bye [preauth]
May 31 20:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: Disconnected from 51.178.114.78 port 59806 [preauth]
May 31 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[758]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[756]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[754]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[754]: pam_unix(cron:session): session closed for user p13x
May 31 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[831]: Successful su for rubyman by root
May 31 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[831]: + ??? root:rubyman
May 31 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431426 of user rubyman.
May 31 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[831]: pam_unix(su:session): session closed for user rubyman
May 31 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431426.
May 31 20:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30340]: pam_unix(cron:session): session closed for user root
May 31 20:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[755]: pam_unix(cron:session): session closed for user samftp
May 31 20:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1039]: Invalid user dima from 103.20.122.54
May 31 20:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1039]: input_userauth_request: invalid user dima [preauth]
May 31 20:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1039]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.122.54
May 31 20:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1039]: Failed password for invalid user dima from 103.20.122.54 port 33576 ssh2
May 31 20:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1039]: Received disconnect from 103.20.122.54 port 33576:11: Bye Bye [preauth]
May 31 20:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1039]: Disconnected from 103.20.122.54 port 33576 [preauth]
May 31 20:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: Invalid user vm from 103.186.101.237
May 31 20:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: input_userauth_request: invalid user vm [preauth]
May 31 20:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.101.237
May 31 20:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: Failed password for invalid user vm from 103.186.101.237 port 46528 ssh2
May 31 20:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: Received disconnect from 103.186.101.237 port 46528:11: Bye Bye [preauth]
May 31 20:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: Disconnected from 103.186.101.237 port 46528 [preauth]
May 31 20:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1077]: Invalid user pool from 177.229.197.38
May 31 20:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1077]: input_userauth_request: invalid user pool [preauth]
May 31 20:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1077]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.229.197.38
May 31 20:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1077]: Failed password for invalid user pool from 177.229.197.38 port 49390 ssh2
May 31 20:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1077]: Received disconnect from 177.229.197.38 port 49390:11: Bye Bye [preauth]
May 31 20:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1077]: Disconnected from 177.229.197.38 port 49390 [preauth]
May 31 20:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32215]: pam_unix(cron:session): session closed for user root
May 31 20:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1150]: Invalid user roo from 161.248.189.72
May 31 20:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1150]: input_userauth_request: invalid user roo [preauth]
May 31 20:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1150]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.248.189.72
May 31 20:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1150]: Failed password for invalid user roo from 161.248.189.72 port 58656 ssh2
May 31 20:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1150]: Received disconnect from 161.248.189.72 port 58656:11: Bye Bye [preauth]
May 31 20:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1150]: Disconnected from 161.248.189.72 port 58656 [preauth]
May 31 20:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.188.122  user=root
May 31 20:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1161]: Invalid user developer from 168.144.95.137
May 31 20:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1161]: input_userauth_request: invalid user developer [preauth]
May 31 20:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1161]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.95.137
May 31 20:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: Failed password for root from 112.217.188.122 port 60510 ssh2
May 31 20:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1161]: Failed password for invalid user developer from 168.144.95.137 port 37986 ssh2
May 31 20:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: Received disconnect from 112.217.188.122 port 60510:11: Bye Bye [preauth]
May 31 20:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: Disconnected from 112.217.188.122 port 60510 [preauth]
May 31 20:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1161]: Received disconnect from 168.144.95.137 port 37986:11: Bye Bye [preauth]
May 31 20:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1161]: Disconnected from 168.144.95.137 port 37986 [preauth]
May 31 20:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.65.86  user=root
May 31 20:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Failed password for root from 161.35.65.86 port 54122 ssh2
May 31 20:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Received disconnect from 161.35.65.86 port 54122:11: Bye Bye [preauth]
May 31 20:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Disconnected from 161.35.65.86 port 54122 [preauth]
May 31 20:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: Invalid user admin from 2.57.121.112
May 31 20:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: input_userauth_request: invalid user admin [preauth]
May 31 20:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 20:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: Failed password for root from 202.133.90.219 port 55196 ssh2
May 31 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: Connection closed by 202.133.90.219 port 55196 [preauth]
May 31 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1226]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1225]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1223]: pam_unix(cron:session): session closed for user p13x
May 31 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1291]: Successful su for rubyman by root
May 31 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1291]: + ??? root:rubyman
May 31 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1291]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431430 of user rubyman.
May 31 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1291]: pam_unix(su:session): session closed for user rubyman
May 31 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431430.
May 31 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: Failed password for invalid user admin from 2.57.121.112 port 48595 ssh2
May 31 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30783]: pam_unix(cron:session): session closed for user root
May 31 20:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: Failed password for invalid user admin from 2.57.121.112 port 48595 ssh2
May 31 20:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1224]: pam_unix(cron:session): session closed for user samftp
May 31 20:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: Failed password for invalid user admin from 2.57.121.112 port 48595 ssh2
May 31 20:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: Failed password for invalid user admin from 2.57.121.112 port 48595 ssh2
May 31 20:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Invalid user jenny1 from 51.178.114.78
May 31 20:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: input_userauth_request: invalid user jenny1 [preauth]
May 31 20:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
May 31 20:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: Failed password for invalid user admin from 2.57.121.112 port 48595 ssh2
May 31 20:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: Received disconnect from 2.57.121.112 port 48595:11: Bye [preauth]
May 31 20:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: Disconnected from 2.57.121.112 port 48595 [preauth]
May 31 20:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
May 31 20:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: PAM service(sshd) ignoring max retries; 5 > 3
May 31 20:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Failed password for invalid user jenny1 from 51.178.114.78 port 43446 ssh2
May 31 20:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Received disconnect from 51.178.114.78 port 43446:11: Bye Bye [preauth]
May 31 20:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Disconnected from 51.178.114.78 port 43446 [preauth]
May 31 20:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32631]: pam_unix(cron:session): session closed for user root
May 31 20:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: Invalid user roo from 103.20.122.54
May 31 20:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: input_userauth_request: invalid user roo [preauth]
May 31 20:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.122.54
May 31 20:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: Failed password for invalid user roo from 103.20.122.54 port 42686 ssh2
May 31 20:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: Received disconnect from 103.20.122.54 port 42686:11: Bye Bye [preauth]
May 31 20:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: Disconnected from 103.20.122.54 port 42686 [preauth]
May 31 20:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
May 31 20:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: Failed password for root from 193.37.70.224 port 39412 ssh2
May 31 20:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: Connection closed by 193.37.70.224 port 39412 [preauth]
May 31 20:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: Invalid user jerry from 161.35.65.86
May 31 20:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: input_userauth_request: invalid user jerry [preauth]
May 31 20:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.65.86
May 31 20:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: Failed password for invalid user jerry from 161.35.65.86 port 46232 ssh2
May 31 20:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: Received disconnect from 161.35.65.86 port 46232:11: Bye Bye [preauth]
May 31 20:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: Disconnected from 161.35.65.86 port 46232 [preauth]
May 31 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1793]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1794]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1791]: pam_unix(cron:session): session closed for user p13x
May 31 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1850]: Successful su for rubyman by root
May 31 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1850]: + ??? root:rubyman
May 31 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431436 of user rubyman.
May 31 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1850]: pam_unix(su:session): session closed for user rubyman
May 31 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431436.
May 31 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
May 31 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: Invalid user roo from 103.186.101.237
May 31 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: input_userauth_request: invalid user roo [preauth]
May 31 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.101.237
May 31 20:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31284]: pam_unix(cron:session): session closed for user root
May 31 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: Failed password for root from 62.133.62.83 port 39288 ssh2
May 31 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: Connection closed by 62.133.62.83 port 39288 [preauth]
May 31 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: Failed password for invalid user roo from 103.186.101.237 port 60648 ssh2
May 31 20:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1792]: pam_unix(cron:session): session closed for user samftp
May 31 20:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: Received disconnect from 103.186.101.237 port 60648:11: Bye Bye [preauth]
May 31 20:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: Disconnected from 103.186.101.237 port 60648 [preauth]
May 31 20:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.95.137  user=root
May 31 20:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2083]: Failed password for root from 202.133.90.219 port 55472 ssh2
May 31 20:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2083]: Connection closed by 202.133.90.219 port 55472 [preauth]
May 31 20:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: Failed password for root from 168.144.95.137 port 54552 ssh2
May 31 20:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: Received disconnect from 168.144.95.137 port 54552:11: Bye Bye [preauth]
May 31 20:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: Disconnected from 168.144.95.137 port 54552 [preauth]
May 31 20:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: Invalid user vm from 161.248.189.72
May 31 20:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: input_userauth_request: invalid user vm [preauth]
May 31 20:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.248.189.72
May 31 20:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: Failed password for invalid user vm from 161.248.189.72 port 58774 ssh2
May 31 20:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: Received disconnect from 161.248.189.72 port 58774:11: Bye Bye [preauth]
May 31 20:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: Disconnected from 161.248.189.72 port 58774 [preauth]
May 31 20:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.188.122  user=root
May 31 20:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2140]: Failed password for root from 112.217.188.122 port 38230 ssh2
May 31 20:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2140]: Received disconnect from 112.217.188.122 port 38230:11: Bye Bye [preauth]
May 31 20:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2140]: Disconnected from 112.217.188.122 port 38230 [preauth]
May 31 20:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: Invalid user sybase from 51.178.114.78
May 31 20:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: input_userauth_request: invalid user sybase [preauth]
May 31 20:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
May 31 20:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: Failed password for invalid user sybase from 51.178.114.78 port 54160 ssh2
May 31 20:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: Received disconnect from 51.178.114.78 port 54160:11: Bye Bye [preauth]
May 31 20:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: Disconnected from 51.178.114.78 port 54160 [preauth]
May 31 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[758]: pam_unix(cron:session): session closed for user root
May 31 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2278]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2279]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2276]: pam_unix(cron:session): session closed for user p13x
May 31 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2349]: Successful su for rubyman by root
May 31 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2349]: + ??? root:rubyman
May 31 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431438 of user rubyman.
May 31 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2349]: pam_unix(su:session): session closed for user rubyman
May 31 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431438.
May 31 20:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31797]: pam_unix(cron:session): session closed for user root
May 31 20:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2277]: pam_unix(cron:session): session closed for user samftp
May 31 20:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Invalid user vm from 103.20.122.54
May 31 20:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: input_userauth_request: invalid user vm [preauth]
May 31 20:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.122.54
May 31 20:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: Invalid user jenny1 from 161.35.65.86
May 31 20:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: input_userauth_request: invalid user jenny1 [preauth]
May 31 20:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.65.86
May 31 20:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Failed password for invalid user vm from 103.20.122.54 port 57608 ssh2
May 31 20:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Received disconnect from 103.20.122.54 port 57608:11: Bye Bye [preauth]
May 31 20:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Disconnected from 103.20.122.54 port 57608 [preauth]
May 31 20:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: Failed password for invalid user jenny1 from 161.35.65.86 port 58866 ssh2
May 31 20:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: Received disconnect from 161.35.65.86 port 58866:11: Bye Bye [preauth]
May 31 20:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: Disconnected from 161.35.65.86 port 58866 [preauth]
May 31 20:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.90.219  user=root
May 31 20:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Failed password for root from 202.133.90.219 port 40698 ssh2
May 31 20:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Connection closed by 202.133.90.219 port 40698 [preauth]
May 31 20:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1226]: pam_unix(cron:session): session closed for user root
May 31 20:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2628]: Invalid user telegram from 177.229.197.38
May 31 20:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2628]: input_userauth_request: invalid user telegram [preauth]
May 31 20:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2628]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.229.197.38
May 31 20:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2628]: Failed password for invalid user telegram from 177.229.197.38 port 46054 ssh2
May 31 20:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2628]: Received disconnect from 177.229.197.38 port 46054:11: Bye Bye [preauth]
May 31 20:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2628]: Disconnected from 177.229.197.38 port 46054 [preauth]
May 31 20:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Invalid user vm from 168.144.95.137
May 31 20:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: input_userauth_request: invalid user vm [preauth]
May 31 20:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.95.137
May 31 20:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Failed password for invalid user vm from 168.144.95.137 port 36436 ssh2
May 31 20:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Received disconnect from 168.144.95.137 port 36436:11: Bye Bye [preauth]
May 31 20:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Disconnected from 168.144.95.137 port 36436 [preauth]
May 31 20:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2679]: Invalid user test from 51.178.114.78
May 31 20:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2679]: input_userauth_request: invalid user test [preauth]
May 31 20:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2679]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
May 31 20:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: Received disconnect from 185.89.249.3 port 44398:11: disconnected by user [preauth]
May 31 20:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: Disconnected from 185.89.249.3 port 44398 [preauth]
May 31 20:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2683]: Received disconnect from 89.163.145.38 port 19230:11: disconnected by user [preauth]
May 31 20:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2683]: Disconnected from 89.163.145.38 port 19230 [preauth]
May 31 20:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2679]: Failed password for invalid user test from 51.178.114.78 port 53290 ssh2
May 31 20:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2679]: Received disconnect from 51.178.114.78 port 53290:11: Bye Bye [preauth]
May 31 20:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2679]: Disconnected from 51.178.114.78 port 53290 [preauth]
May 31 20:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Invalid user student1 from 161.248.189.72
May 31 20:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: input_userauth_request: invalid user student1 [preauth]
May 31 20:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.248.189.72
May 31 20:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: Invalid user dima from 103.186.101.237
May 31 20:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: input_userauth_request: invalid user dima [preauth]
May 31 20:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.101.237
May 31 20:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: Failed password for invalid user dima from 103.186.101.237 port 44382 ssh2
May 31 20:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Failed password for invalid user student1 from 161.248.189.72 port 58886 ssh2
May 31 20:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: Received disconnect from 103.186.101.237 port 44382:11: Bye Bye [preauth]
May 31 20:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: Disconnected from 103.186.101.237 port 44382 [preauth]
May 31 20:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Received disconnect from 161.248.189.72 port 58886:11: Bye Bye [preauth]
May 31 20:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Disconnected from 161.248.189.72 port 58886 [preauth]
May 31 20:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.161.6  user=root
May 31 20:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: Failed password for root from 115.190.161.6 port 32182 ssh2
May 31 20:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: Connection closed by 115.190.161.6 port 32182 [preauth]
May 31 20:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: Invalid user admin from 115.190.161.6
May 31 20:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: input_userauth_request: invalid user admin [preauth]
May 31 20:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: pam_unix(sshd:auth): check pass; user unknown
May 31 20:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.161.6
May 31 20:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.188.122  user=root
May 31 20:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: Failed password for invalid user admin from 115.190.161.6 port 36804 ssh2
May 31 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2741]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2742]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2739]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2740]: pam_unix(cron:session): session opened for user root by (uid=0)
May 31 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2737]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May 31 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May 31 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2742]: pam_unix(cron:session): session closed for user root
May 31 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2737]: pam_unix(cron:session): session closed for user p13x
May 31 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2814]: Successful su for rubyman by root
May 31 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2814]: + ??? root:rubyman
May 31 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May 31 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 431442 of user rubyman.
May 31 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2814]: pam_unix(su:session): session closed for user rubyman
May 31 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 431442.
May 31 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: Failed password for root from 112.217.188.122 port 42574 ssh2
May 31 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: Received disconnect from 112.217.188.122 port 42574:11: Bye Bye [preauth]
May 31 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: Disconnected from 112.217.188.122 port 42574 [preauth]
May 31 20:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2739]: pam_unix(cron:session): session closed for user root
May 31 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32214]: pam_unix(cron:session): session closed for user root
May 31 20:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2738]: pam_unix(cron:session): session closed for user samftp
May 31 20:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
May 31 20:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: Failed password for root from 37.233.85.71 port 48772 ssh2
May 31 20:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: Connection closed by 37.233.85.71 port 48772 [preauth]
May 31 20:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 31 20:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3041]: Invalid user